
searchqu HELP! [Solved]


This topic is locked

#1 nigella (Member, 231 posts)
My daughter has downloaded iLivid, and now I have searchqu as my search engine. How do I remove it?

I have run the latest OTL quick scan and here is the output.

OTL logfile created on: 14/02/2012 18:19:29 - Run 5
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pothecary\Documents\Downloads\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 0.92 Gb Available Physical Memory | 46.45% Memory free
4.22 Gb Paging File | 3.02 Gb Available in Paging File | 71.49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 2.64 Gb Free Space | 9.45% Space Free | Partition Type: NTFS
Drive D: | 26.48 Gb Total Space | 6.47 Gb Free Space | 24.44% Space Free | Partition Type: NTFS
Drive Z: | 232.83 Gb Total Space | 57.84 Gb Free Space | 24.84% Space Free | Partition Type: FAT

Computer Name: NICKY | User Name: Pothecary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pothecary\Documents\Downloads\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files\iLivid\ilivid.exe ()
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\iLivid\ilivid.exe ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\iLivid\QtCore4.dll ()
MOD - C:\Program Files\iLivid\QtWebKit4.dll ()
MOD - C:\Program Files\iLivid\QtScript4.dll ()
MOD - C:\Program Files\iLivid\phonon4.dll ()
MOD - C:\Program Files\iLivid\QtGui4.dll ()
MOD - C:\Program Files\iLivid\QtNetwork4.dll ()
MOD - C:\Program Files\iLivid\imageformats\qgif4.dll ()
MOD - C:\Program Files\iLivid\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\iLivid\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files\iLivid\mingwm10.dll ()
MOD - C:\Program Files\WinZip\WZSHLEXT.DLL ()


========== Win32 Services (SafeList) ==========

SRV - (avast! Firewall) -- File not found
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (OemBiosDevice) -- C:\Windows\System32\drivers\royal.sys (PARADOX)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (WacomPen) -- C:\Windows\system32\drivers\wacompen.sys ()
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgiVecp.sys (DeviceGuys, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pothecary\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/10 14:35:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 23:44:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 20:07:27 | 000,000,000 | ---D | M]

[2012/02/14 14:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pothecary\AppData\Roaming\Mozilla\Extensions
[2012/02/14 18:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\extensions
[2011/03/07 08:26:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/09 18:47:40 | 000,000,000 | ---D | M] (Logitech Device Detection) -- C:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\extensions\[email protected]
[2012/02/14 14:16:15 | 000,002,519 | ---- | M] () -- C:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\searchplugins\Search_Results.xml
[2012/02/14 14:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/07 16:16:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/09/10 14:35:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\POTHECARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PXXNZ8Q3.DEFAULT\EXTENSIONS\[email protected]
[2012/01/02 23:44:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/05 03:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 14:16:15 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/05 03:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\Run: [Facebook Update] C:\Users\Pothecary\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\RunOnce: [!SearchquDSFF] C:\Windows\system32\RUNDLL32.EXE C:\Users\POTHEC~1\AppData\Local\Temp\SRASSE~1.DLL,_SetFirefoxAssets Search Results,Search_Results,http://dts.search-results.com/sr?src=ffb&appid=113&systemid=406&sr=0&q=, File not found
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\RunOnce: [!SearchquFFHP] C:\Windows\system32\RUNDLL32.EXE C:\Users\POTHEC~1\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchqu.com/406, File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Pothecary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Pothecary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94F98224-CFCD-43D3-BEA9-0DB21A6C0119}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3A3BAE-1521-4154-959A-421C61B7001D}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pothecary\Documents\Downloads\Desktop\Ella and Archie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pothecary\Documents\Downloads\Desktop\Ella and Archie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 18:17:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Pothecary\Documents\Downloads\Desktop\OTL.exe
[2012/02/14 14:19:36 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Roaming\vlc
[2012/02/14 14:19:12 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\Ilivid Player
[2012/02/14 14:17:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\~0
[2012/02/14 14:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/02/14 14:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2012/02/14 14:14:15 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\PackageAware
[2012/02/06 23:46:18 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\{F0BC70E2-FB9A-4096-8D77-0736FB6A4973}
[2012/02/06 23:45:53 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\{59B67A4E-A6D8-4ED4-BAB4-9480D455826B}
[2012/02/04 16:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HardwareHelper
[2012/02/04 16:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardware Helper
[2012/02/04 16:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2012/02/04 13:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\BetterCareerSearch_2bEI
[2012/02/03 23:20:57 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Roaming\libimobiledevice
[2012/02/03 23:20:55 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Roaming\log
[2012/02/03 23:17:04 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\Documents\Aiseesoft Studio
[2012/02/03 23:10:35 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Roaming\GetRightToGo
[2012/01/21 00:22:21 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\{A28B1549-977F-4565-8B4F-FFDB3B3905AB}
[2012/01/21 00:21:57 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\{7C9CB007-8A4B-4534-AF07-CCDBBB8959FA}
[2012/01/19 09:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert VOB to AVI
[2012/01/19 09:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Convert VOB to AVI
[2012/01/15 22:45:42 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\{0B4F7BDF-B304-4AE7-807D-6355B8E20866}
[2012/01/15 22:45:09 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\{4BF46BBA-C71A-441E-AAA5-A40F3B9F92CF}
[2 C:\Users\Pothecary\Documents\*.tmp files -> C:\Users\Pothecary\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/14 18:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pothecary\Documents\Downloads\Desktop\OTL.exe
[2012/02/14 18:10:47 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 18:10:47 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 18:05:33 | 000,000,930 | ---- | M] () -- C:\Users\Pothecary\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/14 18:05:33 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/14 17:46:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/14 14:19:11 | 000,000,117 | ---- | M] () -- C:\Users\Public\Desktop\Chat with fTalk.url
[2012/02/14 14:12:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3288798915-3054387470-3783549070-1000UA.job
[2012/02/12 17:12:04 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3288798915-3054387470-3783549070-1000Core.job
[2012/02/07 16:20:10 | 000,131,552 | ---- | M] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\429844_10150759050253272_680588271_12250402_1382774368_n.jpg
[2012/02/07 16:17:24 | 000,028,589 | ---- | M] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Image2.jpg
[2012/02/07 16:16:59 | 000,027,976 | ---- | M] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Image1.jpg
[2012/02/05 12:52:20 | 000,074,339 | ---- | M] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\37891_1151116875551_1756522498_294300_5898579_n.jpg
[2012/02/04 16:25:31 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/04 16:25:31 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/04 16:13:32 | 000,001,036 | ---- | M] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Hardware Helper.lnk
[2012/01/19 10:00:36 | 000,044,032 | ---- | M] () -- C:\Users\Pothecary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/19 09:33:36 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\Convert VOB to AVI.lnk
[2 C:\Users\Pothecary\Documents\*.tmp files -> C:\Users\Pothecary\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/14 18:05:33 | 000,000,930 | ---- | C] () -- C:\Users\Pothecary\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/14 18:05:33 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/14 14:19:11 | 000,000,117 | ---- | C] () -- C:\Users\Public\Desktop\Chat with fTalk.url
[2012/02/07 16:17:24 | 000,028,589 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Image2.jpg
[2012/02/07 16:16:59 | 000,027,976 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Image1.jpg
[2012/02/07 16:15:11 | 000,131,552 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\429844_10150759050253272_680588271_12250402_1382774368_n.jpg
[2012/02/05 12:52:19 | 000,074,339 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\37891_1151116875551_1756522498_294300_5898579_n.jpg
[2012/02/04 16:13:32 | 000,001,036 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Hardware Helper.lnk
[2012/02/02 23:07:47 | 000,346,763 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Ella and Archie.jpg
[2012/01/19 09:33:36 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\Convert VOB to AVI.lnk
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/22 23:46:08 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2011/12/22 23:46:07 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2011/12/22 23:46:07 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/12/22 23:46:06 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2011/10/12 21:29:04 | 000,005,611 | ---- | C] () -- C:\Users\Pothecary\AppData\Local\Temp5.html
[2011/10/12 20:57:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/17 08:52:59 | 000,152,696 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/16 08:00:29 | 000,005,718 | ---- | C] () -- C:\Users\Pothecary\AppData\Local\Temp6.html
[2011/07/28 20:34:16 | 000,005,385 | ---- | C] () -- C:\Users\Pothecary\AppData\Local\Temp8.html
[2011/07/28 20:28:10 | 000,001,892 | ---- | C] () -- C:\Users\Pothecary\AppData\Local\Temp1.html
[2011/04/24 18:44:17 | 000,000,048 | ---- | C] () -- C:\Windows\winfile.ini
[2011/03/21 22:20:28 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/03/21 22:19:16 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011/03/06 11:11:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dxdiag.exe
[2011/03/06 01:22:32 | 000,044,032 | ---- | C] () -- C:\Users\Pothecary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/06 00:38:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/06 00:37:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/06 00:37:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/05 21:22:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/03/05 21:04:42 | 000,000,739 | ---- | C] () -- C:\Windows\entpack.ini
[2011/03/05 18:26:26 | 000,000,036 | ---- | C] () -- C:\Windows\Tiny_Run.ini
[2011/03/05 18:10:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/05 17:48:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009/10/06 07:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 12:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:44:53 | 000,347,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 10:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:52:52 | 000,020,608 | ---- | C] () -- C:\Windows\System32\drivers\wacompen.sys
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI

========== LOP Check ==========

[2011/09/09 01:09:24 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Auslogics
[2011/06/26 23:05:19 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Blackberry Desktop
[2012/01/07 18:54:01 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Canon
[2011/11/23 15:51:21 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\DVDVideoSoft
[2011/04/13 11:21:42 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/03 23:16:12 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\GetRightToGo
[2011/03/19 00:50:49 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\ImgBurn
[2012/01/12 23:26:05 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\JAM Software
[2011/08/02 16:49:35 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Jasc
[2012/02/03 23:21:06 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\libimobiledevice
[2012/02/03 23:20:55 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\log
[2011/03/23 20:54:50 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\OpenOffice.org
[2011/06/22 23:40:42 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Research In Motion
[2012/01/12 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Samsung
[2011/03/05 18:24:25 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Simple Star
[2011/07/28 21:08:41 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Skyline
[2012/01/12 22:59:08 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Temp
[2011/10/03 20:58:36 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\uTorrent
[2012/02/12 17:12:04 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3288798915-3054387470-3783549070-1000Core.job
[2012/02/14 14:12:01 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3288798915-3054387470-3783549070-1000UA.job
[2012/02/11 19:24:48 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 177 bytes -> C:\Users\Pothecary\AppData\Local\Temp:SL_{70784561-6f6c-6572-7256-696577657236}
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >


Thanks for helping

Edited by nigella, 14 February 2012 - 12:28 PM.

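Reading an OTL log is mostly pattern-matching on a handful of persistence points, and the log above is a textbook case. The Bandoo/DataMngr DLLs are registered as AppInit_DLLs (the O20 lines), so Windows loads them into every process that links user32.dll; the same install tree also supplies two BHOs (O2) and a running process (PRC). The two RunOnce entries use rundll32 to load installer DLLs out of the user's Temp folder, one to set the Firefox homepage and one to install the Search_Results search plugin. The O6 line shows EnableLUA = 0, meaning UAC is switched off on this Vista machine, so no elevation prompt stood between a bundled installer and HKLM. The script below is an added example (mine, not nigella's or CompCav's, and not part of OTL) that parses a subset of the lines from the post and flags exactly those indicators. The severity levels, the "no company name" heuristic and the rule that clusters binaries by install directory are my own assumptions, not anything OTL reports. The "no company name" check is deliberately only medium: legitimate software ships without version info too (Samsung's SSMMgr.exe in the same log is an example), so it is a pointer for review, not a verdict.

```python
"""Triage of OTL-style log lines for the hijack indicators an analyst looks for.

Added example: not part of the original post and not OTL's own code. The
sample lines are copied from the log above; every rule below is my own
heuristic (assumption), not something OTL itself reports.
"""
import re
from collections import namedtuple
from urllib.parse import urlsplit

# Constructed sample: a subset of the OTL lines from the post, verbatim.
SAMPLE_LOG = r"""
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files\iLivid\ilivid.exe ()
IE - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\RunOnce: [!SearchquFFHP] C:\Windows\system32\RUNDLL32.EXE C:\Users\POTHEC~1\AppData\Local\Temp\INSTAL~1.DLL,_SetFirefoxHP http://www.searchqu.com/406, File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
"""

Finding = namedtuple("Finding", "severity kind detail line")
RANK = {"high": 3, "medium": 2, "info": 1}

# A Windows file path ending in .exe/.dll/.sys; one OTL line may carry several.
PATH_RE = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|sys)\b", re.I)
# OTL appends the binary's version-info company name in parentheses; "()" means none.
COMPANY_RE = re.compile(r"\(([^()]*)\)\s*$")
URL_RE = re.compile(r"https?://[^\s\"]+", re.I)
HOMEPAGE_MARKERS = ("Start Page =", "browser.startup.homepage", "keyword.URL")


def install_root(path):
    # Collapse C:\Program Files\<app>\sub\x.dll to c:\program files\<app> so that
    # components of one install cluster; anything else collapses to its parent dir.
    parts = path.lower().split("\\")
    if len(parts) >= 3 and parts[1] in ("program files", "program files (x86)"):
        return "\\".join(parts[:3])
    return "\\".join(parts[:-1])


def triage(log_text):
    lines = [ln.rstrip() for ln in log_text.splitlines() if ln.strip()]
    findings = []
    injected_roots = set()

    # Pass 1: settings with machine-wide impact. Also record which install
    # directories feed AppInit_DLLs so pass 2 can correlate everything else.
    for line in lines:
        if line.startswith("O20 - AppInit_DLLs:"):
            injected_roots.update(install_root(p) for p in PATH_RE.findall(line))
            findings.append(Finding("high", "appinit_dll",
                            "DLL injected into every process that loads user32.dll", line))
        elif line.startswith("O6 ") and "EnableLUA = 0" in line:
            findings.append(Finding("high", "uac_disabled",
                            "UAC disabled: admin logons run everything with a full token", line))
        elif "\\RunOnce:" in line and re.search(r"rundll32.*\\Temp\\", line, re.I):
            findings.append(Finding("high", "runonce_temp",
                            "RunOnce launches a DLL out of a Temp directory via rundll32", line))

    # Pass 2: per-binary heuristics and browser settings.
    for line in lines:
        paths = PATH_RE.findall(line)
        company = COMPANY_RE.search(line)
        if paths and company is not None and not company.group(1).strip():
            findings.append(Finding("medium", "no_company",
                            "binary carries no company name in its version info", line))
        if paths and not line.startswith("O20 - AppInit_DLLs:"):
            shared = {install_root(p) for p in paths} & injected_roots
            for root in sorted(shared):
                findings.append(Finding("medium", "shared_root",
                                f"lives under {root}, same install tree as an AppInit DLL", line))
        if any(marker in line for marker in HOMEPAGE_MARKERS):
            for url in URL_RE.findall(line):
                findings.append(Finding("info", "browser_setting",
                                f"home/search page points at {urlsplit(url).hostname}", line))

    return sorted(findings, key=lambda f: (-RANK[f.severity], f.kind))


def counts_by_kind(findings):
    out = {}
    for f in findings:
        out[f.kind] = out.get(f.kind, 0) + 1
    return out


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:16} {f.detail}\n    {f.line[:100]}")
```

Run against the sample it reports the two AppInit_DLLs entries, the disabled UAC and the Temp-folder RunOnce as high, then the three Bandoo binaries that share the AppInit install tree and the two binaries without a company name as medium, and finally the two homepage settings pointing at www.searchqu.com as info. The clustering rule is what turns a list of individually dull lines into one story: a process, two BHOs and two injected DLLs all living under the same vendor directory is what tells you which uninstaller to run first and which directory to check afterwards.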



#2 CompCav (Expert, 12,454 posts)
Hi, nigella! My nickname is CompCav and I will be assisting you with your Malware/Security problems. Please make sure you read all of the instructions and fixes thoroughly before continuing with them. If you have any questions or you are unsure about anything, just ask and I will help you out. :)

If you have resolved the issues you were originally experiencing, or have received help elsewhere, please let me know so that this topic can be closed.

I am currently still in training and my posts have to be approved by an expert so please expect a delay between my posts.

Please make sure you are saving and printing the instructions out prior to each fix; this way you will have them on hand just in case you are unable to access this site. One of the steps I will be asking you to do requires you to boot into Safe Mode, and this process will be much easier for you to perform if the instructions are printed out for you to follow.

If you are ready to get started, please review and follow these guidelines so that we resolve your issues in a timely and effective manner:
  • Logs from malware removal programs (OTL is one of them) can take some time to analyze. I need you to be patient while I analyze any logs you post.
  • Please make sure to carefully read any instructions that I give you. Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • If you're not sure, or if something unexpected happens, do NOT continue! Stop and ask!
  • These instructions have been specifically tailored to your computer and the issues you are experiencing with your computer. These instructions are not suitable for any other computer, even if the issues are fairly similar.
  • Do not do things I do not ask for, such as running a spyware scan on your computer. However, the one thing that you should always do, is to make sure your anti-virus definitions are up-to-date!
  • Please do not use the Attachment feature for any log file. Just do a Copy/Paste of the entire contents of the log file inside your post and submit.
  • You must reply within four days; failure to reply will result in the topic being closed!
  • Please do not PM me directly for help. If you have any questions, post them in this topic. PM me only if I have not responded to your last post in 2 days.
  • Lastly, I am no magician. I will try very hard to fix your issues, but no promises can be made. Also be aware that some infections are so severe that you might need to ultimately reformat your hard drive and reinstall the operating system.
    Don't worry, this only happens in severe cases, but it sadly does happen. Please have the software and storage media for backing up your data available.


Step 1.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Select All Users
  • Check Lop Check and Purity Check
  • Under Extra Registry select Use SafeList
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    c:|Bandoo;true;true;true; /FP
    c:|Searchqu;true;true;true; /FP
    c:|iLivid;true;true;true; /FP
    /md5start
    consrv.dll
    explorer.exe
    winlogon.exe
    Userinit.exe
    svchost.exe
    /md5stop
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s
    C:\Windows\assembly\tmp\U\*.* /s
    %Temp%\smtmp\1\*.*
    %Temp%\smtmp\2\*.*
    %Temp%\smtmp\3\*.*
    %Temp%\smtmp\4\*.*
    CREATERESTOREPOINT

  • Click the RunScan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Post both logs


Step 2.

Download aswMBR.exe ( 1.8mb ) to your desktop.
Double click the aswMBR.exe to run it. Click the "Scan" button to start the scan.

On completion of the scan, click "Save log", save it to your desktop and post it in your next reply.


Step 3.

Please post:

OTL.txt
Extras.txt
aswMBR log


Give me any updates on issues with your computer
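The custom-scan directives in Step 1 make OTL list everything under Bandoo, Searchqu and iLivid, but the entries that actually explain the hijack are the ones showing how the toolbar persists (a BHO, an IE toolbar, a Run key and an AppInit_DLLs entry) and where it points the browsers (the IE start page and the Firefox homepage). The following is an added example, not OTL's code and not part of either poster's reply: a small Python triage that reads OTL log lines and flags exactly those entries, plus the EnableLUA = 0 policy that turns UAC off. The sample lines are constructed from OTL entries posted in this thread; the indicator list (the "Windows iLivid Toolbar\Datamngr" path, the "Bandoo Media" vendor string, the searchqu.com domain) is the example's own assumption about what to look for.

```python
"""Triage OTL log lines for the Searchqu / DataMngr persistence discussed in this thread.

Added example, not OTL's own code and not part of the original posts. The indicator
strings come from the OTL entries quoted in the thread; what counts as notable is
this example's own assumption.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Indicators lifted from the thread's OTL entries (matched case-insensitively).
PUP_PATH_MARKERS = ("\\windows ilivid toolbar\\", "\\datamngr\\", "searchqu")
PUP_VENDOR_MARKERS = ("bandoo media",)
PUP_DOMAINS = ("searchqu.com",)

_O_LINE = re.compile(r"^(O\d+) - (.*)$")            # "O2 - BHO: ...", "O20 - AppInit_DLLs: ..."
_TRAILING_VENDOR = re.compile(r"\(([^()]*)\)\s*$")  # OTL's trailing "(Company Name)"
_IE_START_PAGE = re.compile(r"Start Page = (\S+)", re.I)
_FF_HOMEPAGE = re.compile(r'browser\.startup\.homepage: "([^"]+)"')
_ENABLE_LUA = re.compile(r"EnableLUA = (\d+)")
_URL_HOST = re.compile(r"^[a-z]+://([^/:]+)", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # pup_persistence | pup_browser | appinit_dll | uac_disabled
    where: str   # OTL section or setting the finding came from
    detail: str  # the matching path, URL or value


def _is_pup_url(url: str) -> bool:
    m = _URL_HOST.match(url)
    host = m.group(1).lower() if m else ""
    return any(host == d or host.endswith("." + d) for d in PUP_DOMAINS)


def _is_pup_entry(text: str) -> bool:
    low = text.lower()
    if any(marker in low for marker in PUP_PATH_MARKERS):
        return True
    vendor = _TRAILING_VENDOR.search(text)
    return bool(vendor) and any(v in vendor.group(1).lower() for v in PUP_VENDOR_MARKERS)


def triage_line(line: str) -> Optional[Finding]:
    """Return the finding for one OTL log line, or None if it is not notable."""
    line = line.strip()
    m = _O_LINE.match(line)
    if m:
        section, rest = m.groups()
        is_appinit = section == "O20" and rest.startswith("AppInit_DLLs:")
        where = section + (" AppInit_DLLs" if is_appinit else "")
        if _is_pup_entry(rest):
            return Finding("pup_persistence", where, rest)
        if is_appinit:
            # AppInit_DLLs are loaded into every process that loads user32.dll,
            # so any entry deserves a look even when the vendor is not on the list.
            return Finding("appinit_dll", where, rest)
        if section == "O6":
            lua = _ENABLE_LUA.search(rest)
            if lua and lua.group(1) == "0":
                # EnableLUA = 0 turns UAC off: whatever the user runs gets full admin rights.
                return Finding("uac_disabled", "O6 policies\\System", "EnableLUA = 0")
        return None
    if line.startswith("IE - "):
        sp = _IE_START_PAGE.search(line)
        if sp and _is_pup_url(sp.group(1)):
            return Finding("pup_browser", "IE Start Page", sp.group(1))
    elif line.startswith("FF - "):
        hp = _FF_HOMEPAGE.search(line)
        if hp and _is_pup_url(hp.group(1)):
            return Finding("pup_browser", "FF browser.startup.homepage", hp.group(1))
    return None


def triage(lines: Iterable[str]) -> List[Finding]:
    return [f for f in (triage_line(ln) for ln in lines) if f is not None]


def summarize(findings: Iterable[Finding]) -> dict:
    """Count findings per kind, e.g. {'pup_persistence': 5, 'pup_browser': 2, 'uac_disabled': 1}."""
    return dict(Counter(f.kind for f in findings))


# Constructed sample: lines copied from the OTL output posted in this thread.
SAMPLE_OTL_LINES = [
    r"O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)",
    r"O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()",
    r"O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)",
    r"O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()",
    r"O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)",
    r"O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)",
    r"O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0",
    r"O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)",
    r"O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)",
    r"IE - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406",
    r'FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"',
]


if __name__ == "__main__":
    for f in triage(SAMPLE_OTL_LINES):
        print(f"{f.kind:16} {f.where:28} {f.detail}")
    print(summarize(triage(SAMPLE_OTL_LINES)))
```

Run against the sample, the avast BHO, the avast Run key and the Winlogon Shell line are left alone, while the five Searchqu/DataMngr entries, the two browser redirects and the EnableLUA = 0 policy are reported. The AppInit_DLLs entry is singled out because that key injects its DLLs into every user32-linked process, which is why a toolbar living there survives removing the browser add-on alone; the UAC finding is separate because it is a system-wide weakening rather than part of the toolbar.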

#3
nigella (Topic Starter, Member, 231 posts)
Thanks for your assistance :-)

OTL.txt

OTL logfile created on: 14/02/2012 23:10:40 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pothecary\Documents\Downloads\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.51% Memory free
4.22 Gb Paging File | 3.15 Gb Available in Paging File | 74.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 2.65 Gb Free Space | 9.48% Space Free | Partition Type: NTFS
Drive D: | 26.48 Gb Total Space | 6.47 Gb Free Space | 24.44% Space Free | Partition Type: NTFS
Drive Y: | 35.48 Gb Total Space | 10.92 Gb Free Space | 30.77% Space Free | Partition Type: NTFS
Drive Z: | 232.83 Gb Total Space | 57.84 Gb Free Space | 24.84% Space Free | Partition Type: FAT

Computer Name: NICKY | User Name: Pothecary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pothecary\Documents\Downloads\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
PRC - C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
PRC - C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
PRC - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Users\Pothecary\AppData\Local\Temp\bad4021e-8b96-4726-a482-7caebf5bc001\CliSecureRT.dll ()
MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\adc6081b96ada807b858bd7dd6c44b08\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\3c0633ebbeacf2d66ef3952b50568479\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b8f8841931a97c3ab2b652f13cfeb295\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\945868a5fd952dcfe3fa4904cbab936a\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\7306f4ac763fc6264804397bc22226e8\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\1020c111f6b4ffeafa3055475e8df7de\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\2250dfa714756e8a58db82433c1ae275\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\968981974b267a245b7b78393836df5a\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\18ec39f6cef17c8576736b60e0be5131\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\11a64ded5d210891688bdef1c54c26e4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\9db16bf8a565eaa6bbb182dcd147cfb6\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\34b8c9534065b074e4e5228f40310e13\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\404a37992b5c2de07993795fb48dfc65\mscorlib.ni.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Win32 Services (SafeList) ==========

SRV - (avast! Firewall) -- File not found
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Samsung UPD Service) -- C:\Windows\System32\SUPDSvc.exe (Samsung Electronics CO., LTD.)
SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV - (dgderdrv) -- C:\Windows\System32\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV - (aswFW) -- C:\Windows\System32\drivers\aswFW.sys (AVAST Software)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MREMP50) -- C:\Program Files\Common Files\Motive\MREMP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (MRESP50) -- C:\Program Files\Common Files\Motive\MRESP50.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV - (OemBiosDevice) -- C:\Windows\System32\drivers\royal.sys (PARADOX)
DRV - (sscemdm) -- C:\Windows\System32\drivers\sscemdm.sys (MCCI Corporation)
DRV - (ssceserd) SAMSUNG Mobile Modem Diagnostic Serial Port V2 (WDM) -- C:\Windows\System32\drivers\ssceserd.sys (MCCI Corporation)
DRV - (sscebus) SAMSUNG USB Composite Device V2 driver (WDM) -- C:\Windows\System32\drivers\sscebus.sys (MCCI Corporation)
DRV - (sscemdfl) -- C:\Windows\System32\drivers\sscemdfl.sys (MCCI Corporation)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.SYS (Samsung Electronics)
DRV - (MTsensor) -- C:\Windows\System32\drivers\ATKACPI.sys (ATK0100)
DRV - (RTL8023xp) -- C:\Windows\System32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (WacomPen) -- C:\Windows\system32\drivers\wacompen.sys ()
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (DgiVecp) -- C:\Windows\System32\drivers\DgiVecp.sys (DeviceGuys, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
IE - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.21.0.11
FF - prefs.js..keyword.URL: "http://dts.search-re...id=406&sr=0&q="
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Motive.com/NpMotive,version=1.0: C:\Program Files\Common Files\Motive\npMotive.dll (Motive, Inc.)
FF - HKLM\Software\MozillaPlugins\@rim.com/npappworld: C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Pothecary\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/09/10 14:35:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/01/02 23:44:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/01/12 20:07:27 | 000,000,000 | ---D | M]

[2012/02/14 14:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pothecary\AppData\Roaming\Mozilla\Extensions
[2012/02/14 18:06:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\extensions
[2011/03/07 08:26:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/09 18:47:40 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\extensions\[email protected]
[2012/02/14 14:16:15 | 000,002,519 | ---- | M] () -- C:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\searchplugins\Search_Results.xml
[2012/02/14 14:16:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/01/07 16:16:05 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}
[2011/09/10 14:35:57 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
() (No name found) -- C:\USERS\POTHECARY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\PXXNZ8Q3.DEFAULT\EXTENSIONS\[email protected]
[2012/01/02 23:44:03 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/11/05 03:21:03 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/14 14:16:15 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
[2011/11/05 03:21:03 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2006/09/18 21:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [btbb_McciTrayApp] C:\Program Files\BT Broadband Desktop Help\btbb\BTHelpNotifier.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\Run: [Facebook Update] C:\Users\Pothecary\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube Download - C:\Users\Pothecary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Pothecary\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{94F98224-CFCD-43D3-BEA9-0DB21A6C0119}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EF3A3BAE-1521-4154-959A-421C61B7001D}: DhcpNameServer = 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pothecary\Documents\Downloads\Desktop\Ella and Archie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pothecary\Documents\Downloads\Desktop\Ella and Archie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 21:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/02/14 23:11:37 | 004,733,440 | ---- | C] (AVAST Software) -- C:\Users\Pothecary\Documents\Downloads\Desktop\aswMBR.exe
[2012/02/14 18:17:53 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Users\Pothecary\Documents\Downloads\Desktop\OTL.exe
[2012/02/14 14:19:36 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Roaming\vlc
[2012/02/14 14:19:12 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\Ilivid Player
[2012/02/14 14:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2012/02/14 14:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
[2012/02/14 14:14:15 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\PackageAware
[2012/02/06 23:46:18 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\{F0BC70E2-FB9A-4096-8D77-0736FB6A4973}
[2012/02/06 23:45:53 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\{59B67A4E-A6D8-4ED4-BAB4-9480D455826B}
[2012/02/04 16:14:07 | 000,000,000 | ---D | C] -- C:\ProgramData\HardwareHelper
[2012/02/04 16:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hardware Helper
[2012/02/04 16:13:29 | 000,000,000 | ---D | C] -- C:\Program Files\Driver-Soft
[2012/02/04 13:48:52 | 000,000,000 | ---D | C] -- C:\Program Files\BetterCareerSearch_2bEI
[2012/02/03 23:20:57 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Roaming\libimobiledevice
[2012/02/03 23:20:55 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Roaming\log
[2012/02/03 23:17:04 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\Documents\Aiseesoft Studio
[2012/02/03 23:10:35 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Roaming\GetRightToGo
[2012/01/21 00:22:21 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\{A28B1549-977F-4565-8B4F-FFDB3B3905AB}
[2012/01/21 00:21:57 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\{7C9CB007-8A4B-4534-AF07-CCDBBB8959FA}
[2012/01/19 09:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Convert VOB to AVI
[2012/01/19 09:33:34 | 000,000,000 | ---D | C] -- C:\Program Files\Convert VOB to AVI
[2 C:\Users\Pothecary\Documents\*.tmp files -> C:\Users\Pothecary\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/14 23:12:01 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3288798915-3054387470-3783549070-1000UA.job
[2012/02/14 23:11:45 | 004,733,440 | ---- | M] (AVAST Software) -- C:\Users\Pothecary\Documents\Downloads\Desktop\aswMBR.exe
[2012/02/14 22:23:41 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 22:23:41 | 000,005,600 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/14 22:23:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/02/14 18:17:58 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Pothecary\Documents\Downloads\Desktop\OTL.exe
[2012/02/14 18:05:33 | 000,000,930 | ---- | M] () -- C:\Users\Pothecary\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/14 18:05:33 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/14 14:19:11 | 000,000,117 | ---- | M] () -- C:\Users\Public\Desktop\Chat with fTalk.url
[2012/02/12 17:12:04 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3288798915-3054387470-3783549070-1000Core.job
[2012/02/07 16:20:10 | 000,131,552 | ---- | M] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\429844_10150759050253272_680588271_12250402_1382774368_n.jpg
[2012/02/07 16:17:24 | 000,028,589 | ---- | M] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Image2.jpg
[2012/02/07 16:16:59 | 000,027,976 | ---- | M] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Image1.jpg
[2012/02/05 12:52:20 | 000,074,339 | ---- | M] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\37891_1151116875551_1756522498_294300_5898579_n.jpg
[2012/02/04 16:25:31 | 000,598,900 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/02/04 16:25:31 | 000,104,914 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/02/04 16:13:32 | 000,001,036 | ---- | M] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Hardware Helper.lnk
[2012/02/04 15:24:09 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012/01/27 00:21:24 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe
[2012/01/19 10:00:36 | 000,044,032 | ---- | M] () -- C:\Users\Pothecary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/19 09:33:36 | 000,000,837 | ---- | M] () -- C:\Users\Public\Desktop\Convert VOB to AVI.lnk
[2 C:\Users\Pothecary\Documents\*.tmp files -> C:\Users\Pothecary\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/14 18:05:33 | 000,000,930 | ---- | C] () -- C:\Users\Pothecary\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2012/02/14 18:05:33 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/02/14 14:19:11 | 000,000,117 | ---- | C] () -- C:\Users\Public\Desktop\Chat with fTalk.url
[2012/02/07 16:17:24 | 000,028,589 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Image2.jpg
[2012/02/07 16:16:59 | 000,027,976 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Image1.jpg
[2012/02/07 16:15:11 | 000,131,552 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\429844_10150759050253272_680588271_12250402_1382774368_n.jpg
[2012/02/05 12:52:19 | 000,074,339 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\37891_1151116875551_1756522498_294300_5898579_n.jpg
[2012/02/04 16:13:32 | 000,001,036 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Hardware Helper.lnk
[2012/02/02 23:07:47 | 000,346,763 | ---- | C] () -- C:\Users\Pothecary\Documents\Downloads\Desktop\Ella and Archie.jpg
[2012/01/19 09:33:36 | 000,000,837 | ---- | C] () -- C:\Users\Public\Desktop\Convert VOB to AVI.lnk
[2011/12/23 20:58:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011/12/22 23:46:08 | 000,026,624 | ---- | C] () -- C:\Windows\System32\spd__l.dll
[2011/12/22 23:46:07 | 000,283,136 | ---- | C] () -- C:\Windows\System32\DscPnt.dll
[2011/12/22 23:46:07 | 000,259,888 | ---- | C] () -- C:\Windows\SUPDRun.exe
[2011/12/22 23:46:06 | 000,151,552 | ---- | C] () -- C:\Windows\System32\spd__ci.exe
[2011/10/12 21:29:04 | 000,005,611 | ---- | C] () -- C:\Users\Pothecary\AppData\Local\Temp5.html
[2011/10/12 20:57:38 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/09/17 08:52:59 | 000,152,696 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat
[2011/09/16 08:00:29 | 000,005,718 | ---- | C] () -- C:\Users\Pothecary\AppData\Local\Temp6.html
[2011/07/28 20:34:16 | 000,005,385 | ---- | C] () -- C:\Users\Pothecary\AppData\Local\Temp8.html
[2011/07/28 20:28:10 | 000,001,892 | ---- | C] () -- C:\Users\Pothecary\AppData\Local\Temp1.html
[2011/04/24 18:44:17 | 000,000,048 | ---- | C] () -- C:\Windows\winfile.ini
[2011/03/21 22:20:28 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
[2011/03/21 22:19:16 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
[2011/03/06 11:11:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dxdiag.exe
[2011/03/06 01:22:32 | 000,044,032 | ---- | C] () -- C:\Users\Pothecary\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/03/06 00:38:37 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/03/06 00:37:29 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/03/06 00:37:29 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/03/05 21:22:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/03/05 21:04:42 | 000,000,739 | ---- | C] () -- C:\Windows\entpack.ini
[2011/03/05 18:26:26 | 000,000,036 | ---- | C] () -- C:\Windows\Tiny_Run.ini
[2011/03/05 18:10:56 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/03/05 17:48:14 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/01/29 17:00:22 | 000,974,848 | ---- | C] () -- C:\Windows\System32\cis-2.4.dll
[2011/01/29 17:00:22 | 000,081,920 | ---- | C] () -- C:\Windows\System32\issacapi_bs-2.3.dll
[2011/01/29 17:00:22 | 000,065,536 | ---- | C] () -- C:\Windows\System32\issacapi_pe-2.3.dll
[2011/01/29 17:00:22 | 000,057,344 | ---- | C] () -- C:\Windows\System32\issacapi_se-2.3.dll
[2009/10/06 07:16:00 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/02/11 18:55:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1437.dll
[2006/11/02 12:53:49 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 12:44:53 | 000,347,976 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 10:33:01 | 000,598,900 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 10:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 10:33:01 | 000,104,914 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 10:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 10:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 08:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 08:52:52 | 000,020,608 | ---- | C] () -- C:\Windows\System32\drivers\wacompen.sys
[2006/11/02 08:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 07:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 07:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/07/13 07:04:00 | 000,373,248 | ---- | C] () -- C:\Windows\EyeCand3.INI

========== LOP Check ==========

[2011/09/09 01:09:24 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Auslogics
[2011/06/26 23:05:19 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Blackberry Desktop
[2012/01/07 18:54:01 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Canon
[2011/11/23 15:51:21 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\DVDVideoSoft
[2011/04/13 11:21:42 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\DVDVideoSoftIEHelpers
[2012/02/03 23:16:12 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\GetRightToGo
[2011/03/19 00:50:49 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\ImgBurn
[2012/01/12 23:26:05 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\JAM Software
[2011/08/02 16:49:35 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Jasc
[2012/02/03 23:21:06 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\libimobiledevice
[2012/02/03 23:20:55 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\log
[2011/03/23 20:54:50 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\OpenOffice.org
[2011/06/22 23:40:42 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Research In Motion
[2012/01/12 22:50:00 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Samsung
[2011/03/05 18:24:25 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Simple Star
[2011/07/28 21:08:41 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Skyline
[2012/01/12 22:59:08 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\Temp
[2011/10/03 20:58:36 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\uTorrent
[2012/02/12 17:12:04 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3288798915-3054387470-3783549070-1000Core.job
[2012/02/14 23:12:01 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3288798915-3054387470-3783549070-1000UA.job
[2012/02/14 18:33:56 | 000,032,602 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< c:|Bandoo;true;true;true; /FP >

< c:|Searchqu;true;true;true; /FP >
[2012/02/14 17:58:41 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\LocalLow\searchquband
[2012/02/14 17:58:49 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\LocalLow\searchqutoolbar
[2012/02/14 17:58:49 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\LocalLow\searchqutoolbar\weather
[2012/02/14 17:48:04 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\searchqutoolbar
[2012/02/14 17:48:03 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\searchqutoolbar\weather

< c:|iLivid;true;true;true; /FP >
[2012/02/14 18:15:35 | 000,000,000 | ---D | M] -- c:\Program Files\iLivid
[2011/06/16 08:52:47 | 000,000,000 | ---D | M] -- c:\Program Files\iLivid\imageformats
[2012/02/14 14:16:28 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar
[2012/02/14 14:16:24 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\Datamngr
[2012/02/14 14:19:15 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\Local\Ilivid Player


< MD5 for: EXPLORER.EXE >
[2011/03/05 21:19:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2011/03/05 21:19:03 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2011/03/05 21:19:03 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011/03/05 19:12:55 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2011/03/05 19:12:54 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/10 23:27:38 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2011/03/05 21:19:04 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 09:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/18 23:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: USERINIT.EXE >
[2008/01/18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008/01/18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006/11/02 09:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

< MD5 for: WINLOGON.EXE >
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT /s >
"DisplayName" = NETBT
"Group" = PNP_TDI
"ImagePath" = System32\DRIVERS\netbt.sys -- [2009/04/10 21:45:38 | 000,185,856 | ---- | M] (Microsoft Corporation)
"Description" = This service implements NetBios over TCP/IP.
"ErrorControl" = 1
"Start" = 1
"Type" = 1
"DependOnService" = Tdxtcpip [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Linkage]
"OtherDependencies" = Tcpip [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters]
"BcastNameQueryCount" = 3
"BcastQueryTimeout" = 750
"CacheTimeout" = 600000
"EnableLMHOSTS" = 1
"NameServerPort" = 137
"NameSrvQueryCount" = 3
"NameSrvQueryTimeout" = 1500
"NbProvider" = _tcp
"SessionKeepAlive" = 3600000
"Size/Small/Medium/Large" = 1
"TransportBindName" = \Device\
"UseNewSmb" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{94F98224-CFCD-43D3-BEA9-0DB21A6C0119}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Parameters\Interfaces\Tcpip_{EF3A3BAE-1521-4154-959A-421C61B7001D}]
"NameServerList" = [binary data]
"NetbiosOptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Security]
"Security" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBT\Enum]
"0" = Root\LEGACY_NETBT\0000
"Count" = 1
"NextInstance" = 1

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS /s >
"Type" = 2
"Start" = 1
"ErrorControl" = 1
"Tag" = 2
"ImagePath" = system32\DRIVERS\netbios.sys -- [2008/01/18 21:55:46 | 000,035,840 | ---- | M] (Microsoft Corporation)
"DisplayName" = NetBIOS Interface
"Group" = NetBIOSGroup
"Description" = NetBIOS Interface
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Linkage]
"LanaMap" = 01 00 01 04 01 02 01 07 01 06 01 01 01 05 [binary data]
"Bind" = [Binary data over 100 bytes]
"Route" = [Binary data over 100 bytes]
"Export" = [Binary data over 100 bytes]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters]
"MaxLana" = 7
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Parameters\Winsock]
"HelperDllName" = %SystemRoot%\System32\wshnetbs.dll -- [2006/11/02 09:46:14 | 000,011,264 | ---- | M] (Microsoft Corporation)
"MaxSockAddrLength" = 20
"MinSockAddrLength" = 20
"Mapping" = 02 00 00 00 03 00 00 00 11 00 00 00 05 00 00 00 00 00 00 00 11 00 00 00 02 00 00 00 00 00 00 00 [binary data]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\NetBIOS\Enum]
"0" = Root\LEGACY_NETBIOS\0000
"Count" = 1
"NextInstance" = 1

< C:\Windows\assembly\tmp\U\*.* /s >

< %Temp%\smtmp\1\*.* >

< %Temp%\smtmp\2\*.* >

< %Temp%\smtmp\3\*.* >

< %Temp%\smtmp\4\*.* >

========== Alternate Data Streams ==========

@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 177 bytes -> C:\Users\Pothecary\AppData\Local\Temp:SL_{70784561-6f6c-6572-7256-696577657236}
@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >

Extras.txt

OTL Extras logfile created on: 14/02/2012 23:10:41 - Run 6
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Pothecary\Documents\Downloads\Desktop
Windows Vista Home Basic Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

1.99 Gb Total Physical Memory | 1.05 Gb Available Physical Memory | 52.51% Memory free
4.22 Gb Paging File | 3.15 Gb Available in Paging File | 74.61% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 27.94 Gb Total Space | 2.65 Gb Free Space | 9.48% Space Free | Partition Type: NTFS
Drive D: | 26.48 Gb Total Space | 6.47 Gb Free Space | 24.44% Space Free | Partition Type: NTFS
Drive Y: | 35.48 Gb Total Space | 10.92 Gb Free Space | 30.77% Space Free | Partition Type: NTFS
Drive Z: | 232.83 Gb Total Space | 57.84 Gb Free Space | 24.84% Space Free | Partition Type: FAT

Computer Name: NICKY | User Name: Pothecary | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3288798915-3054387470-3783549070-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0F28DD75-FD66-4AE3-8101-A1CDAF5BC75A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=c:\windows\system32\spoolsv.exe |
"{305B4AA0-674A-428F-98B5-65363DC4BF6C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{3ACEE1D5-C09C-4497-9BD2-0D56B7A3A38D}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{47BDE712-289F-40BE-8F8F-C8B7E00BE56B}" = lport=4482 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{4E4F8280-FAA3-4728-BF1E-19B2CD3CA6F3}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=file and printer sharing (spooler service - rpc-epmap) |
"{5BCC1933-3BFA-42CB-A553-AB54EE641C4A}" = lport=4481 | protocol=6 | dir=in | name=blackberry desktop software wireless music sync data transfer |
"{62E52886-910F-4C5E-8481-BE77484E41AD}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{765F2719-BCE9-452A-8AC7-4C8E44D5F6DF}" = lport=445 | protocol=6 | dir=in | app=system |
"{776EFF5E-C486-46E8-860C-FEE6D2B18036}" = rport=138 | protocol=17 | dir=out | app=system |
"{88A8DD62-932B-4E12-BCFB-AE99D7AD5A78}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{8F68D0C0-6749-4402-BAFA-71C5AD648F83}" = rport=445 | protocol=6 | dir=out | app=system |
"{9213F0B3-09C6-48DA-9E5D-7C8D1F2260BD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9E848194-1E97-4037-BB1B-9170D9489A6D}" = lport=4482 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{B0568FC0-6EA6-481E-A913-C93033720711}" = rport=137 | protocol=17 | dir=out | app=system |
"{B165F967-3E43-46D8-B564-20FB1F0C49BC}" = lport=4481 | protocol=17 | dir=in | name=blackberry desktop software wireless music sync discovery |
"{B301AA2F-2CEC-48B4-977F-E2563EBF9C4E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{B9590883-9970-4D19-A2F5-39C906862E43}" = lport=2869 | protocol=6 | dir=in | app=system |
"{CBDD3D38-B0AB-4390-8F44-7411668DCF2D}" = rport=2869 | protocol=6 | dir=out | app=system |
"{D3338057-6C41-486B-A0C8-5B08E3A2074B}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{D675866D-1E89-4F4F-B550-E18166BF8311}" = lport=139 | protocol=6 | dir=in | app=system |
"{E5D16FA5-A79A-4E07-A606-7E71057B3AB5}" = lport=138 | protocol=17 | dir=in | app=system |
"{EC643847-5A25-432B-A5E4-6B711CF0BA18}" = rport=139 | protocol=6 | dir=out | app=system |
"{EFF51690-0D7B-4481-B1B3-C97002E59E78}" = lport=137 | protocol=17 | dir=in | app=system |
"{F1A36FCD-ADF3-4575-A30E-EEEFB98FFCB9}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02054F3C-3E62-4EC4-B3F8-39DAF9083B14}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{037DABD9-ADE9-4460-829E-1D4F311261AE}" = protocol=17 | dir=in | app=c:\windows\system32\muzapp.exe |
"{0627B7A3-C2EA-43EC-957F-32DB33C116C1}" = protocol=58 | dir=in | name=file and printer sharing (echo request - icmpv6-in) |
"{07B8E920-3116-4E1B-A6F6-4E570F910384}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{11AD653C-1C2A-4F51-A977-B6C9D7971861}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{2F998226-F0D1-4D99-9339-8952353D785F}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{3071B0FC-2E53-48FE-9A4C-78B9BCCE2308}" = protocol=17 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{314509FE-A073-4E1C-974B-61FFEAD35875}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{31BEABCF-87FA-45A4-B53E-F6D9B4BB12F9}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{4C3A4626-8DE4-4A9A-B600-B11546E6C596}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{4E6DDB38-7F48-4D01-B3FE-5D1AE052A718}" = protocol=6 | dir=in | app=c:\program files\research in motion\blackberry desktop\rim.desktop.exe |
"{50EF6972-CC0D-4BA9-BF25-32611C44B937}" = dir=in | app=c:\users\pothecary\appdata\local\facebook\video\skype\facebookvideocalling.exe |
"{51C3ADE4-CB7B-4A53-976D-818FE4F18A3E}" = protocol=6 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{5AFB965D-5BD3-40E8-8C67-778680900C7B}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{62423124-E55E-40FF-AEDB-5D2669AEA3AD}" = protocol=6 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{6DD49429-C419-4BB4-8314-0A42AA3DAB02}" = protocol=17 | dir=in | app=c:\program files\windows ilivid toolbar\datamngr\toolbar\dtuser.exe |
"{756316AC-BA64-47CD-B653-053B9BBE89F3}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{7578A6F7-7207-49D7-8BCF-8E0F4BCC04C1}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{7646C635-7C9E-4FEB-A95A-3B68F86C0C8E}" = protocol=17 | dir=in | app=e:\x86\ibiscont.exe |
"{77FD4572-3EA3-4A84-A376-0DF7F840EFD7}" = protocol=58 | dir=in | [email protected],-148 |
"{81AD0FE4-1A3B-489F-805B-ABF8497F9651}" = protocol=1 | dir=out | name=file and printer sharing (echo request - icmpv4-out) |
"{85F8B925-C243-4780-8664-B6115F08EEF7}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{8DDB7EA8-883A-4764-94C6-DEEFF805B0E1}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{985C882A-5586-4CCA-A9DE-3E7A559EE3B5}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{9B9B1F50-6204-4E4D-B019-A37724C0B8F5}" = protocol=6 | dir=in | app=c:\windows\system32\muzapp.exe |
"{A8E80C9F-073E-4B9F-BC41-DA98F7D26442}" = protocol=58 | dir=out | name=file and printer sharing (echo request - icmpv6-out) |
"{AB13D863-9A37-42A7-92EE-1A08BF6ACBC8}" = protocol=6 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpnotifier.exe |
"{B8144F57-D35A-4F35-903F-B21217E2E3B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{C31BD60F-B826-4F21-8147-D057F92628F3}" = protocol=6 | dir=in | app=e:\x86\ibiscont.exe |
"{C46FD61A-3FC7-4953-BA24-FE70819A010E}" = protocol=17 | dir=in | app=c:\program files\bt broadband desktop help\btbb\bthelpbrowser.exe |
"{C9D464FE-E258-4969-973D-D8BA89738A18}" = protocol=1 | dir=in | name=file and printer sharing (echo request - icmpv4-in) |
"{CD71BCC0-3553-484A-ADEE-5348B3616C6C}" = protocol=17 | dir=in | app=c:\windows\system32\supdsvc.exe |
"{DC39B979-4504-496E-A1D0-F46651EF90EA}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe |
"{EA16C179-0B4C-4E77-8BEA-284033483F65}" = dir=in | app=c:\program files\itunes\itunes.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DB87EAC-F695-4D59-9609-C93119AE6B35}" = SAMSUNG Dr.Printer
"{12BAA98C-F8DD-4BC9-BBE6-1C8463114197}" = BlackBerry Device Software Updater
"{18A5DFF2-8A95-49F3-873F-743CB5549F3D}" = Canon ScanGear Starter
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java™ 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java™ 6 Update 22
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5FE0C13A-63F1-4394-88A8-2D8722A75FE0}_is1" = Convert VOB to AVI
"{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{75157F34-02C6-4831-BD66-3BC49E7A8394}" = BlackBerry Desktop Software 6.1
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{8153ED9A-C94A-426E-9880-5E6775C08B62}" = Apple Mobile Device Support
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DE03F6E-FCD2-4497-A8FF-F6C4430618B6}" = BlackBerry App World Browser Plugin
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.2)
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}" = iTunes
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{CA9BCD4D-B782-4637-8F1F-F9A328D3C244}" = CanoScan Toolbox Ver4.9
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6DE02C7-1F47-11D4-9515-00105AE4B89A}" = Paint Shop Pro 7 Anniversary Edition
"{DAB5C521-80B2-48C3-B0DA-326A1B331F55}" = GoToAssist Corporate
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BlackBerry_Desktop" = BlackBerry Desktop Software 6.1
"BT Broadband Desktop Help" = BT Broadband Desktop Help
"BTHomeHub" = BTHomeHub
"CCleaner" = CCleaner
"Free Studio_is1" = Free Studio version 5.2.1
"Hardware Helper_is1" = Hardware Helper
"HDMI" = Intel® Graphics Media Accelerator Driver
"ImgBurn" = ImgBurn
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.1.1000
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mozilla Firefox 9.0.1 (x86 en-US)" = Mozilla Firefox 9.0.1 (x86 en-US)
"Samsung CLP-320 Series" = Maintenance Samsung CLP-320 Series
"Samsung Universal Print Driver" = Samsung Universal Print Driver
"Soulseek" = SoulSeek Client 156c
"SpywareBlaster_is1" = SpywareBlaster 4.4
"uTorrent" = µTorrent
"Windows Searchqu Toolbar" = Windows iLivid Toolbar
"WinLiveSuite" = Windows Live Essentials
"WinZip" = WinZip

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-3288798915-3054387470-3783549070-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{EE19063F-7048-4094-9A1D-D69D9C591119}_is1" = Albelli Photo books

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >


aswMBR.txt

aswMBR version 0.9.9.1532 Copyright© 2011 AVAST Software
Run date: 2012-02-14 23:24:00
-----------------------------
23:24:00.142 OS Version: Windows 6.0.6002 Service Pack 2
23:24:00.142 Number of processors: 2 586 0xE0C
23:24:00.144 ComputerName: NICKY UserName:
23:24:02.070 Initialize success
23:24:02.911 AVAST engine defs: 12021401
23:24:27.760 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:24:27.766 Disk 0 Vendor: TOSHIBA_MK6037GSX DL330M Size: 57231MB BusType: 3
23:24:27.796 Disk 0 MBR read successfully
23:24:27.802 Disk 0 MBR scan
23:24:27.809 Disk 0 Windows VISTA default MBR code
23:24:27.853 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 1500 MB offset 2048
23:24:27.876 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 28615 MB offset 3074048
23:24:27.914 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 27114 MB offset 61677568
23:24:27.927 Disk 0 scanning sectors +117207040
23:24:28.004 Disk 0 scanning C:\Windows\system32\drivers
23:24:41.506 Service scanning
23:24:43.950 Modules scanning
23:24:51.968 Disk 0 trace - called modules:
23:24:51.993 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys tcpip.sys NETIO.SYS dxgkrnl.sys igdkmd32.sys
23:24:52.003 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x860f2ac8]
23:24:52.010 3 CLASSPNP.SYS[8379d8b3] -> nt!IofCallDriver -> [0x8506e8b0]
23:24:52.018 5 acpi.sys[806966bc] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x8506c6c0]
23:24:52.727 AVAST engine scan C:\Windows
23:24:55.055 AVAST engine scan C:\Windows\system32
23:27:35.184 AVAST engine scan C:\Windows\system32\drivers
23:27:49.103 AVAST engine scan C:\Users\Pothecary
23:31:12.586 AVAST engine scan C:\ProgramData
23:33:13.546 Scan finished successfully
23:34:08.479 Disk 0 MBR has been saved successfully to "C:\Users\Pothecary\Documents\Downloads\Desktop\MBR.dat"
23:34:08.489 The log file has been saved successfully to "C:\Users\Pothecary\Documents\Downloads\Desktop\aswMBR.txt"


Here are the three log files you asked for.
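A note on the "< MD5 for: ... >" blocks in the OTL log above, since that is the check an analyst actually runs on them: OTL lists every copy of a core binary it finds, the live copy under %SystemRoot% plus the reference copies held in the WinSxS component store. If the live copy's hash is not one of the store hashes, the file on disk has been replaced or patched in place, which is how file-infecting malware hides inside explorer.exe or winlogon.exe. Copies that sit outside %SystemRoot% (here the Malwarebytes Chameleon folder, where Malwarebytes ships renamed copies of its own launcher, with no company string) do not replace the system file and should be flagged for review rather than called patched. The Python below is an added example written for this page, not OTL's own code and not something posted by nigella or CompCav; it parses that block format and applies the check. The SVCHOST.EXE lines are copied from the posted log; the WINLOGON.EXE block is constructed, keeping two real WinSxS lines but giving the live copy an all-zero hash so the mismatch path is exercised. It assumes %SystemRoot% is C:\Windows, as the log header states.

```python
"""Cross-check the '< MD5 for: NAME >' blocks of an OTL log (added example).

For each listed binary, compare the MD5 of the live copy under %SystemRoot%
with the MD5s of the reference copies in the WinSxS store.  A live copy whose
hash matches no store copy is reported as 'mismatch'; copies outside
%SystemRoot% are reported as 'review' because they do not replace the system
file (the Malwarebytes Chameleon decoys in the posted log are the benign case).
"""
import re
from collections import defaultdict

SYSTEM_ROOT = r"C:\Windows"  # assumption taken from the log header (%SystemRoot% = C:\Windows)

HEADER_RE = re.compile(r"^< MD5 for: (?P<name>\S+) >$")
# [date time | size | attrs | M] (Company) MD5=<32 hex> -- <path>
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>[^|]+?) \| (?P<size>[\d,]+) \| (?P<attrs>[^|]+?) \| (?P<kind>[A-Z])\] "
    r"\((?P<company>[^)]*)\) MD5=(?P<md5>[0-9A-Fa-f]{32}) -- (?P<path>.+)$"
)

# Constructed sample input.  SVCHOST.EXE lines are copied from the posted OTL log;
# the WINLOGON.EXE live copy is given a made-up all-zero hash to trigger a mismatch.
SAMPLE = r"""
< MD5 for: SVCHOST.EXE >
[2006/11/02 09:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008/01/18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008/01/18 23:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012/01/13 14:53:20 | 000,182,856 | ---- | M] () MD5=63EEC8A8B221AB79045E776E5F592868 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: WINLOGON.EXE >
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000000 -- C:\Windows\System32\winlogon.exe
[2009/04/10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 09:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
"""


def parse_md5_blocks(text):
    """Return {BINARY NAME: [entry dict, ...]} parsed from an OTL log excerpt."""
    blocks = defaultdict(list)
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER_RE.match(line)
        if head:
            current = head.group("name").upper()
            continue
        entry = ENTRY_RE.match(line)
        if entry and current:
            rec = entry.groupdict()
            rec["md5"] = rec["md5"].upper()
            blocks[current].append(rec)
    return dict(blocks)


def classify_path(path):
    """'store' for a WinSxS copy, 'live' for a file under %SystemRoot%, else 'other'."""
    p = path.lower()
    if "\\winsxs\\" in p:
        return "store"
    if p.startswith(SYSTEM_ROOT.lower() + "\\"):
        return "live"
    return "other"


def check_block(name, entries):
    """Compare every live copy of `name` against the WinSxS reference hashes."""
    store_hashes = {e["md5"] for e in entries if classify_path(e["path"]) == "store"}
    findings = []
    for e in entries:
        where = classify_path(e["path"])
        if where == "store":
            continue
        if where == "other":
            findings.append((name, "review", e["path"],
                             f"copy outside %SystemRoot% (company {e['company']!r})"))
        elif e["md5"] not in store_hashes:
            findings.append((name, "mismatch", e["path"],
                             "live hash not present in the WinSxS store"))
        elif e["company"] != "Microsoft Corporation":
            findings.append((name, "mismatch", e["path"],
                             f"unexpected company string {e['company']!r}"))
        else:
            findings.append((name, "ok", e["path"], "matches a WinSxS copy"))
    if not store_hashes:
        findings.append((name, "review", "", "no WinSxS reference copy listed"))
    return findings


def check_log(text):
    """Run the check over every MD5 block; returns (name, verdict, path, note) tuples."""
    findings = []
    for name, entries in sorted(parse_md5_blocks(text).items()):
        findings.extend(check_block(name, entries))
    return findings


if __name__ == "__main__":
    for name, verdict, path, note in check_log(SAMPLE):
        print(f"{verdict:8} {name:13} {path}  ({note})")
```

On the real log above, every live copy (explorer.exe, svchost.exe, userinit.exe, winlogon.exe) hashes to one of its WinSxS copies, so the only findings would be the two "review" entries for the Chameleon folder; the constructed winlogon.exe line is what makes the "mismatch" branch visible.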

#4 CompCav (Expert, Member 5k, 12,454 posts)

I am reviewing the results and I will have a major fix for you tomorrow that will be a big step in cleaning this malware off your computer.

CompCav

#5 CompCav (Expert, Member 5k, 12,454 posts)

Before we begin we need to disable the SpyBot Teatimer.

TeaTimer works by preventing ANY changes to the system. It will attempt to undo any fixes we run, because it blocks these fixes from running.

In order to safeguard your system from problems that can be brought on by a half finished fix, we need to disable TeaTimer. We can re-enable it when we're done if you like.

  • Open SpyBot Search and Destroy by going to Start -> All Programs -> Spybot Search and Destroy -> Spybot Search and Destroy.
  • If prompted with a legal dialog, accept the warning.
  • Click Mode and then on "Advanced Mode".
    Posted Image
  • You may be presented with a warning dialog. If so, press Yes.
  • Click on Posted Image
  • Click on Posted Image
  • Uncheck these checkboxes:
    Posted Image
  • Close/Exit Spybot Search and Destroy.



Step 1.

Please uninstall
iLivid
SoulSeek Client 156c (See below about P2P)
µTorrent (See below about P2P)

IMPORTANT: I have noticed that there are signs of the two P2P (Peer to Peer) File Sharing Programs listed above on your computer.

As long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur.

Once upon a time, P2P file sharing was fairly safe. This is no longer true. P2P programs form a direct conduit inside your computer, their security measures are easily circumvented, and malware writers are increasingly exploiting them to spread their wares on to your computer. If your P2P program is not configured correctly, your computer may also be sharing more files than you realize. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

If you need convincing, please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
infoworld

It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall both of them; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep them, please do not use either of them until your computer is cleaned.



Step 2.

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix as it may interfere with the successful execution of the script below. If this fix hangs again, then completely uninstall MalwareBytes' and run the fix again.

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    IE - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
    IE - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
    FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    [2011/11/10 05:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
    [2012/02/14 14:16:15 | 000,002,519 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
    O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
    O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
    O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
    O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
    O4 - HKLM..\Run: [NWEReboot] File not found
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
    O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
    [2012/02/14 14:19:36 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Roaming\vlc
    [2012/02/14 14:19:12 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\Ilivid Player
    [2012/02/14 14:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
    [2012/02/14 14:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows iLivid Toolbar
    [2012/02/14 14:14:15 | 000,000,000 | ---D | C] -- C:\Users\Pothecary\AppData\Local\PackageAware
    [2011/03/21 22:20:28 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
    [2011/03/21 22:19:16 | 000,024,064 | ---- | C] () -- C:\Windows\System32\sst3cl3.dll
    [2011/03/06 11:11:52 | 000,000,000 | ---- | C] () -- C:\Windows\System32\dxdiag.exe
    [2011/10/03 20:58:36 | 000,000,000 | ---D | M] -- C:\Users\Pothecary\AppData\Roaming\uTorrent
    [2012/02/14 17:58:41 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\LocalLow\searchquband
    [2012/02/14 17:58:49 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\LocalLow\searchqutoolbar
    [2012/02/14 17:58:49 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\LocalLow\searchqutoolbar\weather
    [2012/02/14 17:48:04 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\searchqutoolbar
    [2012/02/14 17:48:03 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\searchqutoolbar\weather
    [2012/02/14 18:15:35 | 000,000,000 | ---D | M] -- c:\Program Files\iLivid
    [2011/06/16 08:52:47 | 000,000,000 | ---D | M] -- c:\Program Files\iLivid\imageformats
    [2012/02/14 14:16:28 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar
    [2012/02/14 14:16:24 | 000,000,000 | ---D | M] -- c:\Program Files\Windows iLivid Toolbar\Datamngr
    [2012/02/14 14:19:15 | 000,000,000 | ---D | M] -- c:\Users\Pothecary\AppData\Local\Ilivid Player
    @Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
    @Alternate Data Stream - 177 bytes -> C:\Users\Pothecary\AppData\Local\Temp:SL_{70784561-6f6c-6572-7256-696577657236}
    @Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:07BF512B
    
    
    :Reg
    
    
    
    :Files
    ipconfig /flushdns /c
    C:\Program Files\Windows iLivid Toolbar
    C:\Users\Pothecary\AppData\Local\Temp*.html
    
    
    
    
    
    :Commands
    [resethosts]
    [CreateRestorePoint]
    [emptytemp]

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click the OK button.
  • A report will open. Copy and Paste that report in your next reply.
  • If the machine reboots, the log will be located at C:\_OTL\MovedFiles\mmddyyyy_hhmmss.log, where mmddyyyy_hhmmss is the date of the tool run.


Step 3.

Download TDSSKiller here and save to your desktop.
  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.

    Posted Image
  • Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    Posted Image
  • Click the Start Scan button.

    Posted Image
  • If a suspicious object is detected, the default action will be Skip; click on Continue.

    Posted Image
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

    Posted Image
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.


Step 4.

Please download Malwarebytes' Anti-Malware from Here.

Skip the next two steps if you already have MalwareBytes' installed.

Double Click mbam-setup.exe to install the application. Please decline the trial for now. If you want the trial we will start it after we clean your computer.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version. If you already have it installed click on the update Tab and update it.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Step 5.

Please post:

OTL fix log
TDSSKiller log
mbam log


Please note any change in your computer in your next reply.
  • 0
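
An added example, not part of this thread and not code from OTL or its author: a small Python parser for the :OTL / :Files / :Commands fix-script format used in Step 2, so a responder can list which persistence mechanisms (BHO, IE toolbar, Run key, AppInit_DLLs) a fix will touch before running it. The sample lines are copied from the script above; the section handling and the kind labels are this example's own reading of the format.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input for this example: lines copied from the OTL fix script above.  An OTL
# fix script has :OTL, :Reg, :Files and :Commands sections; each :OTL line begins
# with a prefix that says where the item lives (process, IE/Firefox setting, BHO...).
SAMPLE_SCRIPT = r"""
:OTL
PRC - C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
IE - HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.searchqu.com/406
FF - prefs.js..browser.startup.homepage: "http://www.searchqu.com/406"
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
[2012/02/14 14:17:07 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011/03/21 22:20:28 | 000,493,432 | ---- | C] () -- C:\Windows\ssndii.exe
@Alternate Data Stream - 95 bytes -> C:\ProgramData\TEMP:5C321E34
:Files
ipconfig /flushdns /c
C:\Program Files\Windows iLivid Toolbar
:Commands
[resethosts]
[emptytemp]
"""

@dataclass
class Entry:
    section: str                 # :OTL, :Reg, :Files or :Commands
    kind: str                    # item type; the labels used here are this example's own
    target: str                  # file path, registry/pref text or command
    clsid: Optional[str] = None  # COM class id, present for BHO and toolbar lines

# :OTL line prefixes and the kind each one denotes.
PREFIX_KINDS = [("PRC - ", "running_process"), ("IE - ", "ie_setting"),
                ("FF - ", "firefox_pref"), ("O2 - BHO:", "browser_helper_object"),
                ("O3 - ", "ie_toolbar"), ("O4 - ", "run_key"),
                ("O20 - AppInit_DLLs:", "appinit_dll")]
# Mechanisms that reload the adware at logon or browser start, i.e. real persistence.
PERSISTENCE_KINDS = {"browser_helper_object", "ie_toolbar", "run_key", "appinit_dll"}

CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
DRIVE_PATH_RE = re.compile(r"[A-Za-z]:\\[^()]*")  # a drive path, stopping at "(Company)"
FILE_RE = re.compile(r"^\[(?P<meta>[^\]]*)\]\s*(?:\(\)\s*)?--\s*(?P<path>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - \d+ bytes -> (?P<path>.+)$")

def last_path(text: str) -> Optional[str]:
    """Last drive-letter path in text (O20 lines carry the short 8.3 form first)."""
    found = DRIVE_PATH_RE.findall(text)
    return found[-1].strip() if found else None

def parse_otl_line(line: str) -> Entry:
    """Classify one line of the :OTL section."""
    for prefix, kind in PREFIX_KINDS:
        if line.startswith(prefix):
            body = line[len(prefix):].strip()
            clsid = CLSID_RE.search(body)
            return Entry(":OTL", kind, last_path(body) or body,
                         clsid.group(0) if clsid else None)
    if m := FILE_RE.match(line):  # "[date | size | attrs | C] -- path"; D in attrs = folder
        attrs = m.group("meta").split("|")[2].strip()
        return Entry(":OTL", "directory" if "D" in attrs else "file", m.group("path").strip())
    if m := ADS_RE.match(line):
        return Entry(":OTL", "alternate_data_stream", m.group("path").strip())
    return Entry(":OTL", "unknown", line)

def parse_script(text: str) -> List[Entry]:
    """Walk the script section by section; one Entry per non-empty line."""
    entries: List[Entry] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):  # section header such as :OTL or :Files
            section = line
        elif section == ":OTL":
            entries.append(parse_otl_line(line))
        elif section == ":Files" and line.endswith(" /c"):
            # "/c" marks a command OTL runs (the script above uses ipconfig /flushdns /c)
            entries.append(Entry(section, "shell_command", line[:-3].strip()))
        elif section == ":Files":
            entries.append(Entry(section, "file_or_folder", line))
        elif section == ":Commands":
            entries.append(Entry(section, "otl_command", line.strip("[]")))
        else:
            entries.append(Entry(section or "?", "other", line))
    return entries

def persistence_for(entries: List[Entry], needle: str) -> List[str]:
    """Persistence mechanisms whose target path mentions needle (case-insensitive)."""
    needle = needle.lower()
    return sorted({e.kind for e in entries
                   if e.kind in PERSISTENCE_KINDS and needle in e.target.lower()})

if __name__ == "__main__":
    for e in parse_script(SAMPLE_SCRIPT):
        print(e.section, e.kind, e.target, e.clsid or "")
```

Run on the sample, `persistence_for(entries, "Datamngr")` reports all four mechanisms the toolbar used, which is why the fix had to remove the BHO, the toolbar, the Run value and both AppInit_DLLs entries together.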

#6
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts
Hi, you say to disable Malwarebytes, but I am using the free version and I think it is run manually. Would it be best to uninstall it, or is it OK to leave it in place?
  • 0

#7
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
The free version does not have mbamservice.exe or mbamgui.exe running in task manager so this should not be a problem for you!

Thanks for checking!!! :thumbsup:


CompCav
  • 0

#8
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts
OTL Fix

All processes killed
========== OTL ==========
No active process named datamngrUI.exe was found!
HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3288798915-3054387470-3783549070-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "http://www.searchqu.com/406" removed from browser.startup.homepage
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\ deleted successfully.
C:\Program Files\Java\jre6\bin\ssv.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9D717F81-9148-4f12-8568-69135F087DB0}\ deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\BrowserConnection.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{99079a25-328f-4bd4-be04-00955acaa0a7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
File C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\searchqudtx.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\10 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DATAMNGR deleted successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngrUI.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll deleted successfully.
File pInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\datamngr.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\datamngr.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll deleted successfully.
File pInit_DLLs: (C:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll) -C:\Program Files\Windows iLivid Toolbar\Datamngr\IEBHO.dll not found.
C:\Users\Pothecary\AppData\Roaming\vlc folder moved successfully.
C:\Users\Pothecary\AppData\Local\Ilivid Player folder moved successfully.
C:\Program Files\iLivid\imageformats folder moved successfully.
C:\Program Files\iLivid folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\components folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\searchbar folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\options folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\panels folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton\icons folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\weatherbutton folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\uwa folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\radio folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\scripts folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\images folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\default folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels\css folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib\panels folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin\lib folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\skin folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets\net.vmn.www.PPCBully folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\widgets folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\modules folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\lib folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data\search folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content\data folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome\content folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar\chrome folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\ToolBar folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\content folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension\components folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr\FirefoxExtension folder moved successfully.
C:\Program Files\Windows iLivid Toolbar\Datamngr folder moved successfully.
C:\Program Files\Windows iLivid Toolbar folder moved successfully.
C:\Users\Pothecary\AppData\Local\PackageAware folder moved successfully.
C:\Windows\ssndii.exe moved successfully.
C:\Windows\System32\sst3cl3.dll moved successfully.
File move failed. C:\Windows\System32\dxdiag.exe scheduled to be moved on reboot.
Folder C:\Users\Pothecary\AppData\Roaming\uTorrent\ not found.
c:\Users\Pothecary\AppData\LocalLow\searchqutoolbar\weather folder moved successfully.
c:\Users\Pothecary\AppData\LocalLow\searchqutoolbar folder moved successfully.
Folder c:\Users\Pothecary\AppData\LocalLow\searchqutoolbar\weather\ not found.
c:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\searchqutoolbar\weather folder moved successfully.
c:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\searchqutoolbar folder moved successfully.
Folder c:\Users\Pothecary\AppData\Roaming\Mozilla\Firefox\Profiles\pxxnz8q3.default\searchqutoolbar\weather\ not found.
Folder c:\Program Files\iLivid\ not found.
Folder c:\Program Files\iLivid\imageformats\ not found.
Folder c:\Program Files\Windows iLivid Toolbar\ not found.
Folder c:\Program Files\Windows iLivid Toolbar\Datamngr\ not found.
Folder c:\Users\Pothecary\AppData\Local\Ilivid Player\ not found.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
ADS C:\Users\Pothecary\AppData\Local\Temp:SL_{70784561-6f6c-6572-7256-696577657236} deleted successfully.
ADS C:\ProgramData\TEMP:07BF512B deleted successfully.
========== REGISTRY ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Pothecary\Documents\Downloads\Desktop\cmd.bat deleted successfully.
C:\Users\Pothecary\Documents\Downloads\Desktop\cmd.txt deleted successfully.
File\Folder C:\Program Files\Windows iLivid Toolbar not found.
C:\Users\Pothecary\AppData\Local\Temp1.html moved successfully.
C:\Users\Pothecary\AppData\Local\Temp5.html moved successfully.
C:\Users\Pothecary\AppData\Local\Temp6.html moved successfully.
C:\Users\Pothecary\AppData\Local\Temp8.html moved successfully.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Pothecary
->Temp folder emptied: 186396 bytes
->Temporary Internet Files folder emptied: 906718 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 281937373 bytes
->Flash cache emptied: 918 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 270.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 02152012_230258

Files\Folders moved on Reboot...
File move failed. C:\Windows\System32\dxdiag.exe scheduled to be moved on reboot.
File\Folder C:\Users\Pothecary\AppData\Local\Temp\~DF276B.tmp not found!
File\Folder C:\Users\Pothecary\AppData\Local\Temp\~DF7FB5.tmp not found!
File\Folder C:\Users\Pothecary\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.Word\~WRS0000.tmp not found!
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...


Kaspersky Log

23:11:55.0252 4276 TDSS rootkit removing tool 2.7.12.0 Feb 11 2012 16:58:52
23:11:55.0440 4276 ============================================================
23:11:55.0440 4276 Current date / time: 2012/02/15 23:11:55.0439
23:11:55.0440 4276 SystemInfo:
23:11:55.0440 4276
23:11:55.0440 4276 OS Version: 6.0.6002 ServicePack: 2.0
23:11:55.0440 4276 Product type: Workstation
23:11:55.0440 4276 ComputerName: NICKY
23:11:55.0440 4276 UserName: Pothecary
23:11:55.0440 4276 Windows directory: C:\Windows
23:11:55.0440 4276 System windows directory: C:\Windows
23:11:55.0440 4276 Processor architecture: Intel x86
23:11:55.0440 4276 Number of processors: 2
23:11:55.0440 4276 Page size: 0x1000
23:11:55.0440 4276 Boot type: Normal boot
23:11:55.0440 4276 ============================================================
23:11:57.0506 4276 Drive \Device\Harddisk0\DR0 - Size: 0xDF8F90000 (55.89 Gb), SectorSize: 0x200, Cylinders: 0xC3A9, SectorsPerTrack: 0x1A, TracksPerCylinder: 0x5A, Type 'K0', Flags 0x00000050
23:11:57.0508 4276 \Device\Harddisk0\DR0:
23:11:57.0520 4276 MBR used
23:11:57.0520 4276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2EE800, BlocksNum 0x37E3800
23:11:57.0520 4276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3AD2000, BlocksNum 0x34F5000
23:11:57.0682 4276 Initialize success
23:11:57.0683 4276 ============================================================
23:13:19.0040 2520 ============================================================
23:13:19.0040 2520 Scan started
23:13:19.0040 2520 Mode: Manual; SigCheck; TDLFS;
23:13:19.0040 2520 ============================================================
23:13:20.0027 2520 ACPI (82b296ae1892fe3dbee00c9cf92f8ac7) C:\Windows\system32\drivers\acpi.sys
23:13:20.0280 2520 ACPI - ok
23:13:20.0611 2520 adp94xx (2edc5bbac6c651ece337bde8ed97c9fb) C:\Windows\system32\drivers\adp94xx.sys
23:13:20.0660 2520 adp94xx - ok
23:13:20.0749 2520 adpahci (b84088ca3cdca97da44a984c6ce1ccad) C:\Windows\system32\drivers\adpahci.sys
23:13:20.0785 2520 adpahci - ok
23:13:20.0915 2520 adpu160m (7880c67bccc27c86fd05aa2afb5ea469) C:\Windows\system32\drivers\adpu160m.sys
23:13:20.0945 2520 adpu160m - ok
23:13:20.0981 2520 adpu320 (9ae713f8e30efc2abccd84904333df4d) C:\Windows\system32\drivers\adpu320.sys
23:13:21.0004 2520 adpu320 - ok
23:13:21.0239 2520 AFD (3911b972b55fea0478476b2e777b29fa) C:\Windows\system32\drivers\afd.sys
23:13:21.0340 2520 AFD - ok
23:13:21.0703 2520 AgereSoftModem (5d97943c128ed756d1b0a08302c1b1f8) C:\Windows\system32\DRIVERS\AGRSM.sys
23:13:22.0029 2520 AgereSoftModem - ok
23:13:22.0311 2520 agp440 (ef23439cdd587f64c2c1b8825cead7d8) C:\Windows\system32\drivers\agp440.sys
23:13:22.0351 2520 agp440 - ok
23:13:22.0403 2520 aic78xx (ae1fdf7bf7bb6c6a70f67699d880592a) C:\Windows\system32\drivers\djsvs.sys
23:13:22.0439 2520 aic78xx - ok
23:13:22.0653 2520 aliide (90395b64600ebb4552e26e178c94b2e4) C:\Windows\system32\drivers\aliide.sys
23:13:22.0698 2520 aliide - ok
23:13:22.0767 2520 amdagp (2b13e304c9dfdfa5eb582f6a149fa2c7) C:\Windows\system32\drivers\amdagp.sys
23:13:22.0811 2520 amdagp - ok
23:13:23.0033 2520 amdide (0577df1d323fe75a739c787893d300ea) C:\Windows\system32\drivers\amdide.sys
23:13:23.0073 2520 amdide - ok
23:13:23.0145 2520 AmdK7 (dc487885bcef9f28eece6fac0e5ddfc5) C:\Windows\system32\drivers\amdk7.sys
23:13:23.0326 2520 AmdK7 - ok
23:13:23.0518 2520 AmdK8 (0ca0071da4315b00fc1328ca86b425da) C:\Windows\system32\drivers\amdk8.sys
23:13:23.0669 2520 AmdK8 - ok
23:13:23.0800 2520 arc (5f673180268bb1fdb69c99b6619fe379) C:\Windows\system32\drivers\arc.sys
23:13:23.0830 2520 arc - ok
23:13:23.0982 2520 arcsas (957f7540b5e7f602e44648c7de5a1c05) C:\Windows\system32\drivers\arcsas.sys
23:13:23.0998 2520 arcsas - ok
23:13:24.0148 2520 aswFsBlk (c47623ffd181a1e7d63574dde2a0a711) C:\Windows\system32\drivers\aswFsBlk.sys
23:13:24.0200 2520 aswFsBlk - ok
23:13:24.0314 2520 aswFW (8c5b61dbfdaccc0a316acdea76774b32) C:\Windows\system32\drivers\aswFW.sys
23:13:24.0347 2520 aswFW - ok
23:13:24.0444 2520 aswMonFlt (4804753a4ec7d67cc22d226bffd1c1e3) C:\Windows\system32\drivers\aswMonFlt.sys
23:13:24.0468 2520 aswMonFlt - ok
23:13:24.0557 2520 aswRdr (36239e24470a3dd81fae37510953cc6c) C:\Windows\system32\drivers\aswRdr.sys
23:13:24.0574 2520 aswRdr - ok
23:13:24.0821 2520 aswSnx (caa846e9c83836bdc3d2d700c678db65) C:\Windows\system32\drivers\aswSnx.sys
23:13:24.0871 2520 aswSnx - ok
23:13:25.0130 2520 aswSP (748ae7f2d7da33adb063fe05704a9969) C:\Windows\system32\drivers\aswSP.sys
23:13:25.0231 2520 aswSP - ok
23:13:25.0406 2520 aswTdi (ca9925ce1dbd07ffe1eb357752cf5577) C:\Windows\system32\drivers\aswTdi.sys
23:13:25.0453 2520 aswTdi - ok
23:13:25.0538 2520 AsyncMac (53b202abee6455406254444303e87be1) C:\Windows\system32\DRIVERS\asyncmac.sys
23:13:25.0735 2520 AsyncMac - ok
23:13:25.0949 2520 atapi (1f05b78ab91c9075565a9d8a4b880bc4) C:\Windows\system32\drivers\atapi.sys
23:13:25.0982 2520 atapi - ok
23:13:26.0483 2520 athr (b01751cc563aecac09bbe36aaa21fbef) C:\Windows\system32\DRIVERS\athr.sys
23:13:26.0662 2520 athr - ok
23:13:26.0906 2520 Beep (67e506b75bd5326a3ec7b70bd014dfb6) C:\Windows\system32\drivers\Beep.sys
23:13:26.0972 2520 Beep - ok
23:13:27.0006 2520 blbdrive - ok
23:13:27.0160 2520 bowser (35f376253f687bde63976ccb3f2108ca) C:\Windows\system32\DRIVERS\bowser.sys
23:13:27.0247 2520 bowser - ok
23:13:27.0327 2520 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\drivers\brfiltlo.sys
23:13:27.0458 2520 BrFiltLo - ok
23:13:27.0590 2520 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\drivers\brfiltup.sys
23:13:27.0646 2520 BrFiltUp - ok
23:13:27.0689 2520 Brserid (b304e75cff293029eddf094246747113) C:\Windows\system32\drivers\brserid.sys
23:13:27.0766 2520 Brserid - ok
23:13:27.0925 2520 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\system32\drivers\brserwdm.sys
23:13:28.0004 2520 BrSerWdm - ok
23:13:28.0051 2520 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\system32\drivers\brusbmdm.sys
23:13:28.0158 2520 BrUsbMdm - ok
23:13:28.0335 2520 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\system32\drivers\brusbser.sys
23:13:28.0455 2520 BrUsbSer - ok
23:13:28.0619 2520 BTHMODEM (ad07c1ec6665b8b35741ab91200c6b68) C:\Windows\system32\drivers\bthmodem.sys
23:13:28.0702 2520 BTHMODEM - ok
23:13:28.0769 2520 cdfs (7add03e75beb9e6dd102c3081d29840a) C:\Windows\system32\DRIVERS\cdfs.sys
23:13:28.0861 2520 cdfs - ok
23:13:28.0932 2520 cdrom (6b4bffb9becd728097024276430db314) C:\Windows\system32\DRIVERS\cdrom.sys
23:13:28.0986 2520 cdrom - ok
23:13:29.0080 2520 circlass (da8e0afc7baa226c538ef53ac2f90897) C:\Windows\system32\drivers\circlass.sys
23:13:29.0162 2520 circlass - ok
23:13:29.0207 2520 CLFS (d7659d3b5b92c31e84e53c1431f35132) C:\Windows\system32\CLFS.sys
23:13:29.0238 2520 CLFS - ok
23:13:29.0298 2520 CmBatt (99afc3795b58cc478fbbbcdc658fcb56) C:\Windows\system32\DRIVERS\CmBatt.sys
23:13:29.0360 2520 CmBatt - ok
23:13:29.0410 2520 cmdide (45201046c776ffdaf3fc8a0029c581c8) C:\Windows\system32\drivers\cmdide.sys
23:13:29.0429 2520 cmdide - ok
23:13:29.0607 2520 Compbatt (6afef0b60fa25de07c0968983ee4f60a) C:\Windows\system32\DRIVERS\compbatt.sys
23:13:29.0650 2520 Compbatt - ok
23:13:29.0699 2520 crcdisk (2a213ae086bbec5e937553c7d9a2b22c) C:\Windows\system32\drivers\crcdisk.sys
23:13:29.0721 2520 crcdisk - ok
23:13:29.0756 2520 Crusoe (22a7f883508176489f559ee745b5bf5d) C:\Windows\system32\drivers\crusoe.sys
23:13:29.0875 2520 Crusoe - ok
23:13:29.0958 2520 DfsC (622c41a07ca7e6dd91770f50d532cb6c) C:\Windows\system32\Drivers\dfsc.sys
23:13:30.0030 2520 DfsC - ok
23:13:30.0135 2520 dgderdrv (6216fd7fd227de454238a702b218cec7) C:\Windows\system32\drivers\dgderdrv.sys
23:13:30.0149 2520 dgderdrv - ok
23:13:30.0200 2520 DgiVecp (b327b0ca9fce58893d456ee2360378af) C:\Windows\system32\Drivers\DgiVecp.sys
23:13:30.0217 2520 DgiVecp ( UnsignedFile.Multi.Generic ) - warning
23:13:30.0217 2520 DgiVecp - detected UnsignedFile.Multi.Generic (1)
23:13:30.0281 2520 disk (5d4aefc3386920236a548271f8f1af6a) C:\Windows\system32\drivers\disk.sys
23:13:30.0299 2520 disk - ok
23:13:30.0375 2520 drmkaud (97fef831ab90bee128c9af390e243f80) C:\Windows\system32\drivers\drmkaud.sys
23:13:30.0440 2520 drmkaud - ok
23:13:30.0551 2520 DXGKrnl (c68ac676b0ef30cfbb1080adce49eb1f) C:\Windows\System32\drivers\dxgkrnl.sys
23:13:30.0601 2520 DXGKrnl - ok
23:13:30.0647 2520 E1G60 (f88fb26547fd2ce6d0a5af2985892c48) C:\Windows\system32\DRIVERS\E1G60I32.sys
23:13:30.0740 2520 E1G60 - ok
23:13:30.0812 2520 Ecache (7f64ea048dcfac7acf8b4d7b4e6fe371) C:\Windows\system32\drivers\ecache.sys
23:13:30.0833 2520 Ecache - ok
23:13:30.0921 2520 elxstor (e8f3f21a71720c84bcf423b80028359f) C:\Windows\system32\drivers\elxstor.sys
23:13:30.0946 2520 elxstor - ok
23:13:31.0015 2520 exfat (22b408651f9123527bcee54b4f6c5cae) C:\Windows\system32\drivers\exfat.sys
23:13:31.0070 2520 exfat - ok
23:13:31.0136 2520 fastfat (1e9b9a70d332103c52995e957dc09ef8) C:\Windows\system32\drivers\fastfat.sys
23:13:31.0203 2520 fastfat - ok
23:13:31.0285 2520 fdc (63bdada84951b9c03e641800e176898a) C:\Windows\system32\DRIVERS\fdc.sys
23:13:31.0370 2520 fdc - ok
23:13:31.0469 2520 FileInfo (a8c0139a884861e3aae9cfe73b208a9f) C:\Windows\system32\drivers\fileinfo.sys
23:13:31.0489 2520 FileInfo - ok
23:13:31.0668 2520 Filetrace (0ae429a696aecbc5970e3cf2c62635ae) C:\Windows\system32\drivers\filetrace.sys
23:13:31.0751 2520 Filetrace - ok
23:13:31.0940 2520 flpydisk (6603957eff5ec62d25075ea8ac27de68) C:\Windows\system32\DRIVERS\flpydisk.sys
23:13:32.0038 2520 flpydisk - ok
23:13:32.0249 2520 FltMgr (01334f9ea68e6877c4ef05d3ea8abb05) C:\Windows\system32\drivers\fltmgr.sys
23:13:32.0291 2520 FltMgr - ok
23:13:32.0485 2520 Fs_Rec (65ea8b77b5851854f0c55c43fa51a198) C:\Windows\system32\drivers\Fs_Rec.sys
23:13:32.0596 2520 Fs_Rec - ok
23:13:32.0835 2520 gagp30kx (4e1cd0a45c50a8882616cae5bf82f3c5) C:\Windows\system32\drivers\gagp30kx.sys
23:13:32.0887 2520 gagp30kx - ok
23:13:33.0167 2520 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
23:13:33.0200 2520 GEARAspiWDM - ok
23:13:33.0496 2520 HdAudAddService (3f90e001369a07243763bd5a523d8722) C:\Windows\system32\drivers\HdAudio.sys
23:13:33.0581 2520 HdAudAddService - ok
23:13:34.0011 2520 HDAudBus (062452b7ffd68c8c042a6261fe8dff4a) C:\Windows\system32\DRIVERS\HDAudBus.sys
23:13:34.0135 2520 HDAudBus - ok
23:13:34.0427 2520 HidBth (1338520e78d90154ed6be8f84de5fceb) C:\Windows\system32\drivers\hidbth.sys
23:13:34.0599 2520 HidBth - ok
23:13:34.0873 2520 HidIr (ff3160c3a2445128c5a6d9b076da519e) C:\Windows\system32\drivers\hidir.sys
23:13:34.0982 2520 HidIr - ok
23:13:35.0538 2520 HidUsb (3c64042b95e583b366ba4e5d2450235e) C:\Windows\system32\drivers\hidusb.sys
23:13:35.0657 2520 HidUsb - ok
23:13:35.0906 2520 HpCISSs (df353b401001246853763c4b7aaa6f50) C:\Windows\system32\drivers\hpcisss.sys
23:13:35.0945 2520 HpCISSs - ok
23:13:36.0094 2520 HTTP (0eeeca26c8d4bde2a4664db058a81937) C:\Windows\system32\drivers\HTTP.sys
23:13:36.0210 2520 HTTP - ok
23:13:36.0460 2520 i2omp (324c2152ff2c61abae92d09f3cca4d63) C:\Windows\system32\drivers\i2omp.sys
23:13:36.0498 2520 i2omp - ok
23:13:36.0904 2520 i8042prt (22d56c8184586b7a1f6fa60be5f5a2bd) C:\Windows\system32\DRIVERS\i8042prt.sys
23:13:36.0980 2520 i8042prt - ok
23:13:37.0575 2520 ialm (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:13:37.0806 2520 ialm - ok
23:13:38.0069 2520 iaStorV (c957bf4b5d80b46c5017bf0101e6c906) C:\Windows\system32\drivers\iastorv.sys
23:13:38.0166 2520 iaStorV - ok
23:13:38.0776 2520 igfx (9378d57e2b96c0a185d844770ad49948) C:\Windows\system32\DRIVERS\igdkmd32.sys
23:13:38.0911 2520 igfx - ok
23:13:39.0079 2520 iirsp (2d077bf86e843f901d8db709c95b49a5) C:\Windows\system32\drivers\iirsp.sys
23:13:39.0120 2520 iirsp - ok
23:13:39.0175 2520 intelide (83aa759f3189e6370c30de5dc5590718) C:\Windows\system32\drivers\intelide.sys
23:13:39.0218 2520 intelide - ok
23:13:39.0317 2520 intelppm (224191001e78c89dfa78924c3ea595ff) C:\Windows\system32\DRIVERS\intelppm.sys
23:13:39.0425 2520 intelppm - ok
23:13:39.0615 2520 IpFilterDriver (62c265c38769b864cb25b4bcf62df6c3) C:\Windows\system32\DRIVERS\ipfltdrv.sys
23:13:39.0728 2520 IpFilterDriver - ok
23:13:39.0750 2520 IpInIp - ok
23:13:39.0813 2520 IPMIDRV (40f34f8aba2a015d780e4b09138b6c17) C:\Windows\system32\drivers\ipmidrv.sys
23:13:39.0898 2520 IPMIDRV - ok
23:13:40.0166 2520 IPNAT (8793643a67b42cec66490b2a0cf92d68) C:\Windows\system32\DRIVERS\ipnat.sys
23:13:40.0253 2520 IPNAT - ok
23:13:40.0415 2520 IRENUM (109c0dfb82c3632fbd11949b73aeeac9) C:\Windows\system32\drivers\irenum.sys
23:13:40.0480 2520 IRENUM - ok
23:13:40.0536 2520 isapnp (350fca7e73cf65bcef43fae1e4e91293) C:\Windows\system32\drivers\isapnp.sys
23:13:40.0555 2520 isapnp - ok
23:13:40.0610 2520 iScsiPrt (232fa340531d940aac623b121a595034) C:\Windows\system32\DRIVERS\msiscsi.sys
23:13:40.0637 2520 iScsiPrt - ok
23:13:40.0833 2520 iteatapi (bced60d16156e428f8df8cf27b0df150) C:\Windows\system32\drivers\iteatapi.sys
23:13:40.0856 2520 iteatapi - ok
23:13:40.0887 2520 iteraid (06fa654504a498c30adca8bec4e87e7e) C:\Windows\system32\drivers\iteraid.sys
23:13:40.0925 2520 iteraid - ok
23:13:40.0964 2520 kbdclass (37605e0a8cf00cbba538e753e4344c6e) C:\Windows\system32\DRIVERS\kbdclass.sys
23:13:40.0990 2520 kbdclass - ok
23:13:41.0051 2520 kbdhid (d2600cb17b7408b4a83f231dc9a11ac3) C:\Windows\system32\drivers\kbdhid.sys
23:13:41.0182 2520 kbdhid - ok
23:13:41.0536 2520 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys
23:13:41.0571 2520 KSecDD - ok
23:13:41.0723 2520 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys
23:13:41.0808 2520 lltdio - ok
23:13:41.0862 2520 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys
23:13:41.0880 2520 LSI_FC - ok
23:13:41.0907 2520 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys
23:13:41.0925 2520 LSI_SAS - ok
23:13:41.0950 2520 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys
23:13:41.0979 2520 LSI_SCSI - ok
23:13:42.0222 2520 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:13:42.0300 2520 luafv - ok
23:13:42.0423 2520 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys
23:13:42.0453 2520 megasas - ok
23:13:42.0890 2520 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys
23:13:42.0967 2520 Modem - ok
23:13:43.0174 2520 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys
23:13:43.0267 2520 monitor - ok
23:13:43.0402 2520 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys
23:13:43.0433 2520 mouclass - ok
23:13:43.0679 2520 mouhid (a3a6dff7e9e757db3df51a833bc28885) C:\Windows\system32\drivers\mouhid.sys
23:13:43.0824 2520 mouhid - ok
23:13:44.0093 2520 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys
23:13:44.0127 2520 MountMgr - ok
23:13:44.0197 2520 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys
23:13:44.0216 2520 mpio - ok
23:13:44.0350 2520 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys
23:13:44.0421 2520 mpsdrv - ok
23:13:44.0503 2520 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys
23:13:44.0537 2520 Mraid35x - ok
23:13:44.0659 2520 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
23:13:44.0728 2520 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
23:13:44.0728 2520 MREMP50 - detected UnsignedFile.Multi.Generic (1)
23:13:44.0734 2520 MREMPR5 - ok
23:13:44.0743 2520 MRENDIS5 - ok
23:13:44.0758 2520 MRESP50 (07c02c892e8e1a72d6bf35004f0e9c5e) C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
23:13:44.0779 2520 MRESP50 ( UnsignedFile.Multi.Generic ) - warning
23:13:44.0779 2520 MRESP50 - detected UnsignedFile.Multi.Generic (1)
23:13:45.0009 2520 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys
23:13:45.0096 2520 MRxDAV - ok
23:13:45.0328 2520 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys
23:13:45.0424 2520 mrxsmb - ok
23:13:45.0508 2520 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys
23:13:45.0556 2520 mrxsmb10 - ok
23:13:45.0788 2520 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
23:13:45.0843 2520 mrxsmb20 - ok
23:13:45.0916 2520 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys
23:13:45.0932 2520 msahci - ok
23:13:46.0026 2520 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys
23:13:46.0053 2520 msdsm - ok
23:13:46.0272 2520 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys
23:13:46.0345 2520 Msfs - ok
23:13:46.0461 2520 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys
23:13:46.0482 2520 msisadrv - ok
23:13:46.0534 2520 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys
23:13:46.0620 2520 MSKSSRV - ok
23:13:46.0682 2520 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys
23:13:46.0773 2520 MSPCLOCK - ok
23:13:47.0101 2520 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys
23:13:47.0204 2520 MSPQM - ok
23:13:47.0387 2520 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys
23:13:47.0420 2520 MsRPC - ok
23:13:47.0587 2520 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys
23:13:47.0610 2520 mssmbios - ok
23:13:47.0654 2520 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys
23:13:47.0762 2520 MSTEE - ok
23:13:48.0012 2520 MTsensor (97affa9d95ffe20eee6229bc6be166cf) C:\Windows\system32\DRIVERS\ATKACPI.sys
23:13:48.0072 2520 MTsensor - ok
23:13:48.0172 2520 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys
23:13:48.0222 2520 Mup - ok
23:13:48.0481 2520 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys
23:13:48.0550 2520 NativeWifiP - ok
23:13:48.0692 2520 NDIS (1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys
23:13:48.0758 2520 NDIS - ok
23:13:48.0953 2520 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys
23:13:49.0038 2520 NdisTapi - ok
23:13:49.0183 2520 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys
23:13:49.0291 2520 Ndisuio - ok
23:13:49.0534 2520 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys
23:13:49.0608 2520 NdisWan - ok
23:13:49.0735 2520 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys
23:13:49.0811 2520 NDProxy - ok
23:13:49.0974 2520 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys
23:13:50.0034 2520 NetBIOS - ok
23:13:50.0204 2520 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys
23:13:50.0253 2520 netbt - ok
23:13:50.0475 2520 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) C:\Windows\system32\drivers\nfrd960.sys
23:13:50.0496 2520 nfrd960 - ok
23:13:50.0617 2520 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys
23:13:50.0697 2520 Npfs - ok
23:13:50.0855 2520 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys
23:13:50.0961 2520 nsiproxy - ok
23:13:51.0299 2520 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys
23:13:51.0409 2520 Ntfs - ok
23:13:51.0694 2520 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys
23:13:51.0868 2520 ntrigdigi - ok
23:13:52.0104 2520 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys
23:13:52.0145 2520 Null - ok
23:13:52.0220 2520 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys
23:13:52.0236 2520 nvraid - ok
23:13:52.0278 2520 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys
23:13:52.0310 2520 nvstor - ok
23:13:52.0450 2520 nv_agp (07c186427eb8fcc3d8d7927187f260f7) C:\Windows\system32\drivers\nv_agp.sys
23:13:52.0469 2520 nv_agp - ok
23:13:52.0586 2520 NwlnkFlt - ok
23:13:52.0603 2520 NwlnkFwd - ok
23:13:52.0696 2520 OemBiosDevice (cd85dd531c2fc085108aebc047072476) C:\Windows\system32\drivers\royal.sys
23:13:52.0739 2520 OemBiosDevice ( UnsignedFile.Multi.Generic ) - warning
23:13:52.0739 2520 OemBiosDevice - detected UnsignedFile.Multi.Generic (1)
23:13:52.0861 2520 ohci1394 (be32da025a0be1878f0ee8d6d9386cd5) C:\Windows\system32\drivers\ohci1394.sys
23:13:52.0978 2520 ohci1394 - ok
23:13:53.0094 2520 Parport (0fa9b5055484649d63c303fe404e5f4d) C:\Windows\system32\drivers\parport.sys
23:13:53.0171 2520 Parport - ok
23:13:53.0261 2520 partmgr (57389fa59a36d96b3eb09d0cb91e9cdc) C:\Windows\system32\drivers\partmgr.sys
23:13:53.0298 2520 partmgr - ok
23:13:53.0419 2520 Parvdm (4f9a6a8a31413180d0fcb279ad5d8112) C:\Windows\system32\drivers\parvdm.sys
23:13:53.0512 2520 Parvdm - ok
23:13:53.0680 2520 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys
23:13:53.0705 2520 pci - ok
23:13:53.0795 2520 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
23:13:53.0830 2520 pciide - ok
23:13:54.0109 2520 pcmcia (3bb2244f343b610c29c98035504c9b75) C:\Windows\system32\DRIVERS\pcmcia.sys
23:13:54.0174 2520 pcmcia - ok
23:13:54.0474 2520 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
23:13:54.0697 2520 PEAUTH - ok
23:13:55.0011 2520 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
23:13:55.0084 2520 PptpMiniport - ok
23:13:55.0145 2520 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
23:13:55.0249 2520 Processor - ok
23:13:55.0456 2520 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
23:13:55.0505 2520 PSched - ok
23:13:55.0685 2520 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
23:13:55.0769 2520 ql2300 - ok
23:13:55.0982 2520 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
23:13:56.0030 2520 ql40xx - ok
23:13:56.0110 2520 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
23:13:56.0194 2520 QWAVEdrv - ok
23:13:56.0469 2520 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
23:13:56.0558 2520 RasAcd - ok
23:13:56.0890 2520 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
23:13:56.0997 2520 Rasl2tp - ok
23:13:57.0241 2520 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
23:13:57.0777 2520 RasPppoe - ok
23:13:58.0069 2520 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
23:13:58.0142 2520 RasSstp - ok
23:13:58.0441 2520 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
23:13:58.0550 2520 rdbss - ok
23:13:58.0739 2520 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
23:13:58.0825 2520 RDPCDD - ok
23:13:59.0237 2520 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
23:13:59.0416 2520 rdpdr - ok
23:13:59.0687 2520 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
23:13:59.0781 2520 RDPENCDD - ok
23:14:00.0028 2520 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
23:14:00.0079 2520 RDPWD - ok
23:14:00.0271 2520 RimUsb (616eac1b0e48b236a5a9b8ae07fdb81c) C:\Windows\system32\Drivers\RimUsb.sys
23:14:00.0371 2520 RimUsb - ok
23:14:00.0442 2520 RimVSerPort (2c4fb2e9f039287767c384e46ee91030) C:\Windows\system32\DRIVERS\RimSerial.sys
23:14:00.0476 2520 RimVSerPort - ok
23:14:00.0778 2520 ROOTMODEM (75e8a6bfa7374aba833ae92bf41ae4e6) C:\Windows\system32\Drivers\RootMdm.sys
23:14:00.0833 2520 ROOTMODEM - ok
23:14:01.0236 2520 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
23:14:01.0338 2520 rspndr - ok
23:14:01.0483 2520 RTL8023xp (5c5612756b380bcedbf566a780ff9afe) C:\Windows\system32\DRIVERS\Rtnicxp.sys
23:14:01.0560 2520 RTL8023xp - ok
23:14:01.0634 2520 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
23:14:01.0663 2520 sbp2port - ok
23:14:01.0896 2520 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
23:14:01.0981 2520 secdrv - ok
23:14:02.0140 2520 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
23:14:02.0231 2520 Serenum - ok
23:14:02.0458 2520 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
23:14:02.0592 2520 Serial - ok
23:14:02.0807 2520 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
23:14:02.0878 2520 sermouse - ok
23:14:02.0967 2520 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
23:14:03.0046 2520 sffdisk - ok
23:14:03.0378 2520 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
23:14:03.0483 2520 sffp_mmc - ok
23:14:03.0636 2520 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
23:14:03.0738 2520 sffp_sd - ok
23:14:03.0884 2520 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
23:14:04.0003 2520 sfloppy - ok
23:14:04.0274 2520 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
23:14:04.0315 2520 sisagp - ok
23:14:04.0360 2520 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
23:14:04.0384 2520 SiSRaid2 - ok
23:14:04.0640 2520 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
23:14:04.0666 2520 SiSRaid4 - ok
23:14:04.0765 2520 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
23:14:04.0865 2520 Smb - ok
23:14:05.0238 2520 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
23:14:05.0270 2520 spldr - ok
23:14:05.0456 2520 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
23:14:05.0539 2520 srv - ok
23:14:05.0751 2520 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
23:14:05.0832 2520 srv2 - ok
23:14:05.0902 2520 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
23:14:05.0988 2520 srvnet - ok
23:14:06.0220 2520 sscebus (b2063ce662af3ab20045121a5b716df6) C:\Windows\system32\DRIVERS\sscebus.sys
23:14:06.0273 2520 sscebus - ok
23:14:06.0393 2520 sscemdfl (66799dc0afe3dcaf8368cae17394a762) C:\Windows\system32\DRIVERS\sscemdfl.sys
23:14:06.0419 2520 sscemdfl - ok
23:14:06.0651 2520 sscemdm (cbf03ffc08f8db547bab2f79aa663d16) C:\Windows\system32\DRIVERS\sscemdm.sys
23:14:06.0700 2520 sscemdm - ok
23:14:06.0802 2520 ssceserd (60cd4ad33aa52e58faac3abad18cf8ef) C:\Windows\system32\DRIVERS\ssceserd.sys
23:14:06.0844 2520 ssceserd - ok
23:14:07.0046 2520 SSPORT (ef3458337d7341a05169cefc73709264) C:\Windows\system32\Drivers\SSPORT.sys
23:14:07.0089 2520 SSPORT ( UnsignedFile.Multi.Generic ) - warning
23:14:07.0089 2520 SSPORT - detected UnsignedFile.Multi.Generic (1)
23:14:07.0244 2520 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
23:14:07.0274 2520 swenum - ok
23:14:07.0441 2520 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
23:14:07.0456 2520 Symc8xx - ok
23:14:07.0505 2520 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
23:14:07.0546 2520 Sym_hi - ok
23:14:07.0794 2520 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
23:14:07.0844 2520 Sym_u3 - ok
23:14:08.0331 2520 Tcpip (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\drivers\tcpip.sys
23:14:08.0431 2520 Tcpip - ok
23:14:08.0835 2520 Tcpip6 (814a1c66fbd4e1b310a517221f1456bf) C:\Windows\system32\DRIVERS\tcpip.sys
23:14:08.0939 2520 Tcpip6 - ok
23:14:09.0199 2520 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
23:14:09.0305 2520 tcpipreg - ok
23:14:09.0470 2520 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
23:14:09.0550 2520 TDPIPE - ok
23:14:09.0708 2520 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
23:14:09.0800 2520 TDTCP - ok
23:14:10.0062 2520 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
23:14:10.0136 2520 tdx - ok
23:14:10.0289 2520 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
23:14:10.0334 2520 TermDD - ok
23:14:10.0661 2520 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
23:14:10.0802 2520 tssecsrv - ok
23:14:11.0250 2520 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
23:14:11.0370 2520 tunmp - ok
23:14:11.0571 2520 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
23:14:11.0658 2520 tunnel - ok
23:14:11.0985 2520 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
23:14:12.0015 2520 uagp35 - ok
23:14:12.0213 2520 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
23:14:12.0278 2520 udfs - ok
23:14:12.0639 2520 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
23:14:12.0672 2520 uliagpkx - ok
23:14:13.0033 2520 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
23:14:13.0135 2520 uliahci - ok
23:14:13.0435 2520 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
23:14:13.0488 2520 UlSata - ok
23:14:13.0774 2520 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
23:14:13.0811 2520 ulsata2 - ok
23:14:14.0004 2520 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
23:14:14.0099 2520 umbus - ok
23:14:14.0440 2520 USBAAPL (83cafcb53201bbac04d822f32438e244) C:\Windows\system32\Drivers\usbaapl.sys
23:14:14.0492 2520 USBAAPL - ok
23:14:14.0603 2520 usbaudio (32db9517628ff0d070682aab61e688f0) C:\Windows\system32\drivers\usbaudio.sys
23:14:14.0669 2520 usbaudio - ok
23:14:14.0824 2520 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
23:14:14.0915 2520 usbccgp - ok
23:14:15.0279 2520 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
23:14:15.0472 2520 usbcir - ok
23:14:15.0801 2520 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
23:14:15.0858 2520 usbehci - ok
23:14:16.0162 2520 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
23:14:16.0245 2520 usbhub - ok
23:14:16.0475 2520 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
23:14:16.0612 2520 usbohci - ok
23:14:16.0928 2520 usbprint (b51e52acf758be00ef3a58ea452fe360) C:\Windows\system32\drivers\usbprint.sys
23:14:17.0075 2520 usbprint - ok
23:14:17.0420 2520 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
23:14:17.0483 2520 usbscan - ok
23:14:17.0849 2520 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
23:14:17.0945 2520 USBSTOR - ok
23:14:18.0251 2520 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
23:14:18.0315 2520 usbuhci - ok
23:14:18.0551 2520 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
23:14:18.0685 2520 vga - ok
23:14:18.0990 2520 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
23:14:19.0060 2520 VgaSave - ok
23:14:19.0326 2520 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
23:14:19.0377 2520 viaagp - ok
23:14:19.0671 2520 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
23:14:19.0792 2520 ViaC7 - ok
23:14:20.0205 2520 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
23:14:20.0250 2520 viaide - ok
23:14:20.0446 2520 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
23:14:20.0464 2520 volmgr - ok
23:14:20.0586 2520 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
23:14:20.0619 2520 volmgrx - ok
23:14:20.0835 2520 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
23:14:20.0893 2520 volsnap - ok
23:14:20.0989 2520 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
23:14:21.0048 2520 vsmraid - ok
23:14:21.0282 2520 WacomPen (39c7e2085ee23d37effc870b06f0d9a5) C:\Windows\system32\drivers\wacompen.sys
23:14:21.0361 2520 WacomPen ( UnsignedFile.Multi.Generic ) - warning
23:14:21.0361 2520 WacomPen - detected UnsignedFile.Multi.Generic (1)
23:14:21.0603 2520 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:14:21.0691 2520 Wanarp - ok
23:14:21.0717 2520 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
23:14:21.0794 2520 Wanarpv6 - ok
23:14:22.0080 2520 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
23:14:22.0098 2520 Wd - ok
23:14:22.0233 2520 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
23:14:22.0283 2520 Wdf01000 - ok
23:14:22.0647 2520 WmiAcpi (701a9f884a294327e9141d73746ee279) C:\Windows\system32\drivers\wmiacpi.sys
23:14:22.0781 2520 WmiAcpi - ok
23:14:23.0016 2520 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
23:14:23.0109 2520 WpdUsb - ok
23:14:23.0283 2520 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
23:14:23.0368 2520 ws2ifsl - ok
23:14:23.0499 2520 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
23:14:23.0576 2520 WUDFRd - ok
23:14:23.0634 2520 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:14:23.0884 2520 \Device\Harddisk0\DR0 - ok
23:14:23.0910 2520 Boot (0x1200) (2a3bd0ad21c718ca848054d3f4dbbb39) \Device\Harddisk0\DR0\Partition0
23:14:23.0912 2520 \Device\Harddisk0\DR0\Partition0 - ok
23:14:23.0943 2520 Boot (0x1200) (1f08b3069f584f842cdff44fc928df27) \Device\Harddisk0\DR0\Partition1
23:14:23.0972 2520 \Device\Harddisk0\DR0\Partition1 - ok
23:14:23.0975 2520 ============================================================
23:14:23.0975 2520 Scan finished
23:14:23.0975 2520 ============================================================
23:14:24.0002 1064 Detected object count: 6
23:14:24.0002 1064 Actual detected object count: 6
23:14:30.0093 1064 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:30.0093 1064 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:14:30.0096 1064 MREMP50 ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:30.0097 1064 MREMP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:14:30.0101 1064 MRESP50 ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:30.0101 1064 MRESP50 ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:14:30.0105 1064 OemBiosDevice ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:30.0105 1064 OemBiosDevice ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:14:30.0109 1064 SSPORT ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:30.0110 1064 SSPORT ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:14:30.0114 1064 WacomPen ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:30.0114 1064 WacomPen ( UnsignedFile.Multi.Generic ) - User select action: Skip


Kaspersky did not ask me to cure or reboot


Malwarebytes log

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org

Database version: v2012.02.14.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Pothecary :: NICKY [administrator]

15/02/2012 23:16:45
mbam-log-2012-02-15 (23-16-45).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 173385
Time elapsed: 6 minute(s), 39 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
  • 0
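The TDSSKiller output posted above follows a regular line format, so here is a small triage parser for it. This is an added example, not code from the thread or from Kaspersky. It separates the scanner's heuristic labels (UnsignedFile.Multi.Generic only says the driver carries no valid digital signature, which is exactly what the six flagged items above are) from named threat verdicts, and cross-checks the per-object lines against the "Detected object count" summary. The sample lines are an excerpt of the posted log with the summary count lowered to match the excerpt (a constructed value); the HEURISTIC_VERDICTS set, the class names and the function names are my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Labels TDSSKiller attaches to suspicious-but-unconfirmed objects (no valid signature,
# or a file it could not open). Assumption on my part: these mean "review", not "infected".
HEURISTIC_VERDICTS = {"UnsignedFile.Multi.Generic", "LockedFile.Multi.Generic"}

# Log line: "<hh:mm:ss.ffff> <pid> <body>". The lazy name group lets "MBR (0x1B8)"
# keep its own parenthesis ahead of the 32-hex MD5.
LINE_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d+\s+\d+\s+(?P<body>.*)$")
OBJECT_RE = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-f]{32})\) (?P<path>.+)$")
OK_RE = re.compile(r"^(?P<name>.+?) - ok$")
WARN_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - warning$")
DETECT_RE = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
ACTION_RE = re.compile(r"^(?P<name>.+?) \( (?P<verdict>\S+) \) - "
                       r"(?P<action>skipped by user|User select action: .+)$")
COUNT_RE = re.compile(r"^Detected object count: (?P<n>\d+)$")

@dataclass
class ScanObject:
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: str = "unknown"            # ok | detected | unknown
    verdict: Optional[str] = None
    actions: List[str] = field(default_factory=list)

    @property
    def heuristic_only(self) -> bool:
        return self.verdict in HEURISTIC_VERDICTS

def parse_tdsskiller(text: str) -> Tuple[List[ScanObject], Optional[int]]:
    """Return (objects in log order, 'Detected object count' from the summary or None)."""
    objects: List[ScanObject] = []
    by_name, by_path, reported = {}, {}, None

    def lookup(name: str) -> ScanObject:
        # Status lines name the driver service or, for MBR/boot objects, the device
        # path that ended the object line ("\Device\Harddisk0\DR0 - ok").
        rec = by_path.get(name) or by_name.get(name)
        if rec is None:                # e.g. "IpInIp - ok" with no object line
            rec = by_name[name] = ScanObject(name)
            objects.append(rec)
        return rec

    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:                      # banners, "Scan finished", blank lines
            continue
        body = m.group("body")
        if (c := COUNT_RE.match(body)):
            reported = int(c.group("n"))
        elif (o := OBJECT_RE.match(body)):
            # One record per object line: boot-sector entries share a name across
            # partitions, so by_path is what keeps them apart.
            rec = ScanObject(o.group("name"), md5=o.group("md5"), path=o.group("path"))
            objects.append(rec)
            by_name[rec.name] = by_path[rec.path] = rec
        elif (d := DETECT_RE.match(body)):
            rec = lookup(d.group("name"))
            rec.status, rec.verdict = "detected", d.group("verdict")
        elif (a := ACTION_RE.match(body)):  # summary section: an action implies a hit
            rec = lookup(a.group("name"))
            rec.status, rec.verdict = "detected", a.group("verdict")
            rec.actions.append(a.group("action"))
        elif (w := WARN_RE.match(body)):
            lookup(w.group("name")).verdict = w.group("verdict")
        elif (k := OK_RE.match(body)):
            rec = lookup(k.group("name"))
            if rec.status != "detected":
                rec.status = "ok"
    return objects, reported

def triage(text: str) -> dict:
    """Separate heuristic-only hits from named threats and cross-check the summary count."""
    objects, reported = parse_tdsskiller(text)
    det = [o for o in objects if o.status == "detected"]
    return {
        "detected": len(det),
        "heuristic_only": sorted(o.name for o in det if o.heuristic_only),
        "named_threats": sorted(o.name for o in det if not o.heuristic_only),
        "count_matches_summary": reported in (None, len(det)),
    }

# Constructed sample: an excerpt of the log posted above, with the summary count
# lowered to 2 so that it matches the excerpt.
SAMPLE_LOG = r"""
23:13:42.0222 2520 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys
23:13:42.0300 2520 luafv - ok
23:13:44.0659 2520 MREMP50 (9bd4dcb5412921864a7aacdedfbd1923) C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
23:13:44.0728 2520 MREMP50 ( UnsignedFile.Multi.Generic ) - warning
23:13:44.0728 2520 MREMP50 - detected UnsignedFile.Multi.Generic (1)
23:14:23.0634 2520 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
23:14:23.0884 2520 \Device\Harddisk0\DR0 - ok
23:14:24.0002 1064 Detected object count: 2
23:14:30.0093 1064 DgiVecp ( UnsignedFile.Multi.Generic ) - skipped by user
23:14:30.0093 1064 DgiVecp ( UnsignedFile.Multi.Generic ) - User select action: Skip
"""

if __name__ == "__main__":
    for o in parse_tdsskiller(SAMPLE_LOG)[0]:
        print(o.name, o.status, o.verdict, o.path, o.actions)
    print(triage(SAMPLE_LOG))
```

Run against the full log, every one of the six hits lands in `heuristic_only` and `named_threats` stays empty, which is the machine-readable version of CompCav's later point that nothing here was a rootkit: unsigned OEM and vendor drivers (Motive, Samsung SSPORT, Wacom) are common on a Vista-era machine and need a look at the file's publisher and location, not automatic deletion. A `count_matches_summary` of False would mean the log was truncated or pasted incompletely.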

#9
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
How is the computer performing?


What issues do you still have with it?
  • 0

#10
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts
It seems to be good at the moment. I have Avast running which updates automatically, how come this didn't find the rootkit?
  • 0

#11
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts

It seems to be good at the moment.

Glad to hear this. We still have a little work to do before we close out.

I have Avast running which updates automatically, how come this didn't find the rootkit?

This was not a rootkit.

The two P2P programs allow things to get on to your machine without the benefit of your firewall protection or your AV (until it actually runs) and no AV gets all of the malware all of the time. The download and install of iLivid and searchqu require the user to accept some program downloaded onto the computer that has these loaded into it as part of the install. Sometimes you are asked if you want it installed but in many instances it installs without your knowing unless you read all the details in the EULA before accepting to install.

So I recommend that you run an antivirus scan at least once per week and always keep it updated and turned on. You should have your firewall on also. The last layer of protection, to me, is MalwareBytes'; it needs to be updated and run at least once every two weeks, or if you sense any suspicious activity.

But the last line of defense is user actions. Do not use P2P programs and when installing something make sure it is downloaded from a reputable source and as you go through the install screens make sure it is not offering to install a toolbar or something else, and if it is make sure you uncheck it or stop the install.


I will have some more recommendations when we close but these are critical right now.

The next step in cleaning your computer will be ready tomorrow after my instructor approves it.

CompCav
  • 0

#12
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts
OK, thanks for your help so far.

Something else that I have a problem with is a 32Gb flash drive that is unrecognisable and I am looking for a way of recovering the data, any ideas?
  • 0

#13
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts

Something else that I have a problem with is a 32Gb flash drive that is unrecognisable and I am looking for a way of recovering the data, any ideas?


We can look at it after we finish this.
  • 0

#14
nigella

nigella

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 231 posts
Cool!!!!
  • 0

#15
CompCav

CompCav

    Member 5k

  • Expert
  • 12,454 posts
Step 1.

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: Posted Image

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Step 2.

Security Check
Download Security Check by screen317 from here or here.

Save it to your Desktop.
Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Step 3.

  • Double click on the Posted Image icon to run it.
  • Click the Quick Scan button. Post the log it produces in your next reply. The scan won't take long.


Step 4.

Please post:

eset log
security check log
OTL.txt


Please give me an update on how your computer is doing!
  • 0





